CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2025-54821

unknowncovered by 1 sourcefirst seen 2025-11-18
CVSSv3 Score: 1.8 An Improper Privilege Management vulnerability [CWE-269] in FortiOS, FortiProxy and FortiPAM may allow an authenticated administrator to bypass the trusted host policy via crafted CLI command. Revised on 2026-05-27 00:00:00

CSIRTS triage

What
An authenticated administrator can bypass the trusted host policy via crafted CLI command.
Who is affected
Authenticated administrators of FortiOS, FortiProxy, and FortiPAM.
Urgency
Remediation is necessary due to the potential for privilege escalation.
Action
Review and restrict CLI command usage to mitigate the issue.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2025-54821

Get an email if CVE-2025-54821 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2025-54821

CVE.org record

Embed the live status

CVE-2025-54821 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2025-54821 status](https://www.csirts.com/badge/CVE-2025-54821)](https://www.csirts.com/cve/CVE-2025-54821)