1. Home
  2. Vulnerabilities
  3. CVE-2025-59718
9.8
CRITICAL CVSS 3.1
CVE-2025-59718
Fortinet FortiOS and FortiProxy Cryptographic Signature Bypass Vulnerability
Description

A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

INFO

Published Date :

Dec. 9, 2025, 6:15 p.m.

Last Modified :

Dec. 9, 2025, 8:05 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]
Affected Products

The following products are affected by CVE-2025-59718 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Fortinet fortios
2 Fortinet fortiswitchmanager
3 Fortinet fortiproxy
: Total Affected Vendor : 1 | Products : 3
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 CRITICAL 6abe59d8-c742-4dff-8ce8-9b0ca1073da8
CVSS 3.1 CRITICAL [email protected]
Solution
Update FortiOS and FortiProxy to a fixed version to address SAML bypass.
  • Update FortiOS to a fixed version.
  • Update FortiProxy to a fixed version.
  • Update FortiSwitchManager to a fixed version.
Public PoC/Exploit Available at Github

CVE-2025-59718 has a 3 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-59718.

URL Resource
https://fortiguard.fortinet.com/psirt/FG-IR-25-647 Vendor Advisory
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-59718 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-59718 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
Danmatic8/Projet-1-Veille-Securite

Mise en place d'un système de veille et d'analyse de menaces pour une entreprise du secteur de l'énergie

Updated: 19 hours, 36 minutes ago
0 stars 0 fork 0 watcher
Born at : Dec. 15, 2025, 2:42 p.m. This repo has been linked 2 different CVEs too.
Profile Photo
f00dikator/SAML-parser

parse SAML responses from a pcap

Python

Updated: 4 days, 19 hours ago
0 stars 0 fork 0 watcher
Born at : Dec. 11, 2025, 2:45 p.m. This repo has been linked 2 different CVEs too.
Profile Photo
Ashwesker/Blackash-CVE-2025-59718

CVE-2025-59718

Python

Updated: 3 days ago
1 stars 1 fork 1 watcher
Born at : Dec. 11, 2025, 9:55 a.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-59718 vulnerability anywhere in the article.

  • CybersecurityNews
Critical FortiGate Devices SSO Vulnerabilities Actively Exploited in the Wild

An active intrusion is targeting critical authentication bypass vulnerabilities in Fortinet’s FortiGate appliances and related products. Threat actors are exploiting CVE-2025-59718 and CVE-2025-59719 ... Read more

Published Date: Dec 16, 2025 (2 hours, 36 minutes ago)
  • Daily CyberSecurity
Critical FortiGate SSO Flaw Under Active Exploitation: Attackers Bypass Auth and Exfiltrate Configs

A critical security crisis is unfolding for Fortinet administrators this week. Just days after the vendor disclosed two high-severity vulnerabilities, threat actors have begun actively exploiting them ... Read more

Published Date: Dec 16, 2025 (8 hours, 21 minutes ago)
  • TheCyberThrone
CISA adds Chrome ans Sierra Bugs to KEV Catalog

CISA has added two high‑impact vulnerabilities—CVE‑2025‑14174 in Google Chromium and CVE‑2018‑4063 in Sierra Wireless AirLink ALEOS—to the Known Exploited Vulnerabilities (KEV) catalog after confirmin ... Read more

Published Date: Dec 13, 2025 (2 days, 21 hours ago)
  • TheCyberThrone
GeoServer CVE-2025-58360 added to CISA KEV

Why this vulnerability mattersCVE-2025-58360 is a recently disclosed XML External Entity (XXE) vulnerability in OSGeo GeoServer that has now been added to the CISA Known Exploited Vulnerabilities (KEV ... Read more

Published Date: Dec 12, 2025 (4 days, 6 hours ago)
  • TheCyberThrone
Fortinet Critical Bugs CVE-2025-59718 and CVE-2025-59719

December 11, 2025Fortinet recently disclosed two critical authentication bypass vulnerabilities in its FortiCloud SSO login feature, tracked as CVE-2025-59718 and CVE-2025-59719. These flaws allow una ... Read more

Published Date: Dec 11, 2025 (5 days, 6 hours ago)
  • The Cyber Express
Microsoft Patch Tuesday December 2025: One Zero-Day, Six High-Risk Flaws Fixed

Microsoft patched 57 vulnerabilities in its Patch Tuesday December 2025 update, including one exploited zero-day and six high-risk vulnerabilities. The exploited zero-day is CVE-2025-62221, a 7.8-rate ... Read more

Published Date: Dec 10, 2025 (5 days, 16 hours ago)
  • security.nl
Fortinet waarschuwt voor kritieke authenticatie bypass in meerdere producten

Fortinet waarschuwt voor twee kritieke kwetsbaarheden in verschillende producten waardoor aanvallers de authenticatie van systemen kunnen omzeilen om hier zo toegang toe te krijgen. De beveiligingslek ... Read more

Published Date: Dec 10, 2025 (5 days, 23 hours ago)
  • The Hacker News
Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws

Fortinet, Ivanti, and SAP have moved to address critical security flaws in their products that, if successfully exploited, could result in an authentication bypass and code execution. The Fortinet vul ... Read more

Published Date: Dec 10, 2025 (6 days, 5 hours ago)
  • Daily CyberSecurity
Critical Fortinet Flaw Risks Unauthenticated Admin Bypass via FortiCloud SSO SAML Forgery

Fortinet has issued an urgent security advisory following the discovery of a critical vulnerability affecting its flagship network security products. The flaw, which carries a critical CVSS score of 9 ... Read more

Published Date: Dec 10, 2025 (6 days, 8 hours ago)
  • BleepingComputer
Fortinet warns of critical FortiCloud SSO login auth bypass flaws

Fortinet has released security updates to address two critical vulnerabilities in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager that could allow attackers to bypass FortiCloud SSO authenticati ... Read more

Published Date: Dec 09, 2025 (6 days, 15 hours ago)

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2025-59718 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Dec. 09, 2025

    Action Type Old Value New Value
    Added CPE Configuration OR *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (including) 7.0.17 *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.2.0 up to (including) 7.2.11 *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (including) 7.4.8 *cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (including) 7.6.3 *cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (including) 7.0.21 *cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* versions from (including) 7.2.0 up to (including) 7.2.14 *cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* versions from (including) 7.4.0 up to (including) 7.4.10 *cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* versions from (including) 7.6.0 up to (including) 7.6.3 *cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (including) 7.0.5 *cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:* versions from (including) 7.2.0 up to (including) 7.2.6
    Added Reference Type Fortinet, Inc.: https://fortiguard.fortinet.com/psirt/FG-IR-25-647 Types: Vendor Advisory
  • New CVE Received by [email protected]

    Dec. 09, 2025

    Action Type Old Value New Value
    Added Description A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-347
    Added Reference https://fortiguard.fortinet.com/psirt/FG-IR-25-647
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 9.8
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact