AI description
CVE-2025-59718 is a vulnerability affecting Fortinet's FortiOS, FortiProxy, and FortiSwitchManager. It stems from an improper verification of cryptographic signatures, which could allow an unauthenticated attacker to bypass FortiCloud Single Sign-On (SSO) login authentication. This bypass is possible through a crafted Security Assertion Markup Language (SAML) message, but only if the FortiCloud SSO login feature is enabled on the device. The FortiCloud SSO login feature is not enabled by default in factory settings. However, it becomes enabled when an administrator registers the device with FortiCare via the GUI, unless the administrator specifically disables the "Allow administrative login using FortiCloud SSO" option during registration.
- Description: An improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
- Source: psirt@fortinet.com
- NVD status: Analyzed
- Products: fortiproxy, fortiswitchmanager, fortios
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- Weakness (source psirt@fortinet.com): CWE-347
- Hype score: Not currently trending
🚨 Urgent: #Fortinet, #Ivanti, & #SAP address critical security flaws in their products that could lead to authentication bypass & code execution! 💻🔒 CVE-2025-59718 tracked. Source: https://t.co/wOX8EuNKlF
@JamaalChalid
13 Dec 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fortinet Patches Critical Authentication Bypass Vulnerabilities Tracked as CVE-2025-59718 and CVE-2025-59719 (CVSS score of 9.8), the two bugs are described as improper verification of cryptographic signature issues. They impact FortiOS, FortiWeb, FortiProxy, and https://t.co/Eo
@johndjohnson
12 Dec 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 CVE-2025-59718 & CVE-2025-59719: Fortinet FortiCloud SSO Auth Bypass Fortinet's got two critical flaws (CVSS 9.6 and 9.8) in FortiCloud SSO allowing complete authentication bypass. What's nasty: CVE-2025-59718 exploits improper session validation—attackers craft ma
@the_c_protocol
11 Dec 2025
105 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🚨CVE-2025-59718 & CVE-2025-59719: FortiCloud SSO Authentication Bypass Unauthenticated attackers may bypass FortiCloud SSO by abusing crafted SAML messages when the feature is enabled. ZoomEye Dork👉app="Fortinet FortiSwitch" || app="Fortinet FortiWeb" || app="Forti
@zoomeye_team
11 Dec 2025
8509 Impressions
35 Retweets
120 Likes
47 Bookmarks
0 Replies
0 Quotes
Ah, CVE-2025-59718. Looks like it means going to at least 7.4.9. Due to an improper verification of cryptographic signature vulnerability, an unauthenticated attacker could, via a crafted SAML response message, bypass FortiCloud SSO login authentication
@g_yotuya
11 Dec 2025
374 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 We are warning of critical vulnerabilities in Fortinet products, CVE-2025-59718 and CVE-2025-59719. The vulnerabilities allow an unauthenticated attacker to bypass FortiCloud SSO authentication via a forged SAML message. If the FortiCloud SSO feature is enabled,
@GOVCERT_CZ
10 Dec 2025
824 Impressions
2 Retweets
5 Likes
1 Bookmark
0 Replies
0 Quotes
❗ ALERT ❗ We’re aware of critical vulnerabilities in Multiple Fortinet Products: - CVE-2025-59718 - CVE-2025-59719 Read the full alert 👉 https://t.co/stokNdKHFl https://t.co/twizd5yGHJ
@7thGensec
10 Dec 2025
97 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Here we go, another crits on Forti. Authentication bypass on FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager when SAML is on CVE-2025-59718 CVE-2025-59719 https://t.co/F8lCILYD8t https://t.co/sEGuCaVqU2
@h4x0r_dz
10 Dec 2025
11909 Impressions
22 Retweets
185 Likes
63 Bookmarks
1 Reply
1 Quote
Here we go, another crits on Forti. Authentication bypass on FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager when SAML is on CVE-2025-59718 CVE-2025-59719 https://t.co/3rr4q98jE4
@h4x0r_dz
10 Dec 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Authentication Bypass Vulnerabilities have been discovered in multiple #Fortinet products. Apply Updates! #CVE-2025-59718 #CVE-2025-59719 https://t.co/x9MmdenMZE
@NCIIPC
10 Dec 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨:CVE-2025-59718 & CVE-2025-59719 : Critical Fortinet Flaw Risks Unauthenticated Admin Bypass via FortiCloud SSO SAML Forgery 📊2.3M Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/Hvg185t0p0 👇Query HUNTER : https://t.co
@HunterMapping
10 Dec 2025
6270 Impressions
29 Retweets
109 Likes
52 Bookmarks
3 Replies
1 Quote
Fortinet warns of critical FortiCloud SSO login auth bypass flaws (CVE-2025-59718 and CVE-2025-59719) https://t.co/0I1tm8YcNd #patchmanagement
@eyalestrin
10 Dec 2025
133 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
📌 Fortinet, Ivanti and SAP have released urgent updates to address critical security flaws involving authentication bypass and code execution. The Fortinet vulnerabilities concern the FortiOS system and some product
@Cybercachear
10 Dec 2025
117 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[Today's Forti] Fortinet's regular update. Once again there is a Critical vulnerability: an authentication bypass of the FortiCloud SSO login caused by flawed cryptographic signature verification. CVE-2025-59718 in FortiOS, FortiProxy and FortiSwitchManager; in FortiWeb, CVE-2025-5
@__kokumoto
9 Dec 2025
994 Impressions
0 Retweets
4 Likes
4 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7C1BB39-5796-4CFE-943D-CB94FE932B1D",
            "versionEndIncluding": "7.0.21",
            "versionStartIncluding": "7.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "827ACF40-2F2D-455F-B4B1-4D96F7C343DA",
            "versionEndIncluding": "7.2.14",
            "versionStartIncluding": "7.2.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CA90D56-A627-4664-90E4-AB5F87E68E04",
            "versionEndIncluding": "7.4.10",
            "versionStartIncluding": "7.4.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF573060-732A-465A-B6C0-87F3196EA8C0",
            "versionEndIncluding": "7.6.3",
            "versionStartIncluding": "7.6.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91C92D2D-D834-4FE9-B34D-A606A923426B",
            "versionEndIncluding": "7.0.5",
            "versionStartIncluding": "7.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2EADD2C9-04B9-44D0-8F8B-026E2D0EAA3C",
            "versionEndIncluding": "7.2.6",
            "versionStartIncluding": "7.2.0"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E87C0DD6-A590-4E5E-8F63-481E15647BF9",
            "versionEndIncluding": "7.0.17",
            "versionStartIncluding": "7.0.0"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E2C05DC-760B-4A39-8FC5-F485C28E34DB",
            "versionEndIncluding": "7.2.11",
            "versionStartIncluding": "7.2.0"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ACF34737-DB9E-4E9D-80A1-6185BFFEB8D0",
            "versionEndIncluding": "7.4.8",
            "versionStartIncluding": "7.4.0"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83A9230A-728D-4F1F-BF23-D77EA71CF0BD",
            "versionEndIncluding": "7.6.3",
            "versionStartIncluding": "7.6.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]