CVE-2025-54821 is an Improper Privilege Management vulnerability (CWE-269) identified in Fortinet FortiProxy and associated Fortinet products including FortiOS and FortiPAM. The flaw exists in versions FortiProxy 7.0.0 through 7.6.3 and multiple FortiOS and FortiPAM versions. It allows an authenticated administrator to bypass the trusted host policy by issuing specially crafted CLI commands. The trusted host policy is designed to restrict administrative access to specific IP addresses or hosts, thereby limiting the attack surface. By circumventing this policy, an attacker with administrative credentials can potentially execute commands from unauthorized hosts, increasing the risk of lateral movement or unauthorized configuration changes. The vulnerability requires the attacker to already have high-level privileges and local access to the device, limiting the attack vector. The CVSS v3.1 score is 1.8, reflecting low severity due to the requirement for high privileges and the limited impact on confidentiality, integrity, and availability. No known exploits have been reported in the wild as of the publication date. The vulnerability was reserved on July 30, 2025, and published on November 18, 2025. Fortinet has not yet provided patch links, indicating that remediation may be pending or in progress.

For European organizations, the impact of CVE-2025-54821 is relatively low but still noteworthy. Since the vulnerability requires authenticated administrator access and local interaction, the risk is primarily to internal security controls and administrative boundaries. If exploited, it could allow an attacker with administrative credentials to bypass trusted host restrictions, potentially enabling unauthorized administrative actions from untrusted networks or hosts. This could facilitate lateral movement within the network or unauthorized configuration changes, undermining network segmentation and access controls. Critical infrastructure providers, financial institutions, and large enterprises relying on FortiProxy for secure web gateway or proxy services may face increased risk if internal administrative controls are weak. However, the absence of confidentiality or availability impact and the high privilege requirement reduce the likelihood of widespread disruption. The lack of known exploits in the wild further limits immediate risk but does not preclude future exploitation attempts.

1. Immediately review and restrict administrative access to FortiProxy and related Fortinet devices, ensuring only trusted personnel and hosts have access. 2. Implement network segmentation and access control lists (ACLs) to limit administrative interface exposure to trusted management networks. 3. Monitor CLI command usage and administrative login activity for anomalies or unauthorized access attempts. 4. Apply vendor patches promptly once released to address this vulnerability. 5. Use multi-factor authentication (MFA) for all administrative accounts to reduce the risk of credential compromise. 6. Conduct regular audits of administrative privileges and trusted host configurations to detect and remediate misconfigurations. 7. Employ network intrusion detection systems (NIDS) to alert on suspicious administrative command patterns or access from unexpected hosts. 8. Maintain up-to-date backups of device configurations to enable rapid recovery if unauthorized changes occur.