vulnerability
Fortinet FortiOS: CVE-2025-59718: Improper Verification of Cryptographic Signature
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Dec 9, 2025 | Dec 17, 2025 | Mar 30, 2026 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Dec 9, 2025
Added
Dec 17, 2025
Modified
Mar 30, 2026
Description
A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
Solution
fortios-upgrade-latest
References
- CVE-2025-59718
- https://attackerkb.com/topics/CVE-2025-59718
- CWE-347
- EUVD-EUVD-2025-202198
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-202198
- https://fortiguard.fortinet.com/psirt/FG-IR-25-647
- https://www.rapid7.com/blog/post/etr-critical-vulnerabilities-in-fortinet-cve-2025-59718-cve-2025-59719-exploited-in-the-wild/
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.