AI description
CVE-2025-59719 is a vulnerability affecting Fortinet FortiWeb versions 8.0.0, 7.6.0 through 7.6.4, and 7.4.0 through 7.4.9. It stems from an improper verification of cryptographic signatures. This vulnerability could allow an unauthenticated attacker to bypass the FortiCloud Single Sign-On (SSO) login authentication. This can be achieved by sending a crafted Security Assertion Markup Language (SAML) response message to the targeted appliance.
- Description
- An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
- Source
- psirt@fortinet.com
- NVD status
- Analyzed
- Products
- fortiweb
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- psirt@fortinet.com
- CWE-347
- Hype score
- Not currently trending
⚠️ Vulnerabilidades en productos Fortinet ❗ CVE-2025-59719 ❗ CVE-2025-59718 ➡️ Más info: https://t.co/ZIVEEsEM7e https://t.co/zK6Nwjxc0y
@CERTpy
27 Jan 2026
152 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 We are observing active exploitation of CVE-2025-59718 and CVE-2025-59719, targeting FortiCloud SSO to bypass authentication. Attackers are using these flaws to maintain valid sessions and persistence even after the underlying devices are fully patched. Patching closes the
@ReliaQuestTR
26 Jan 2026
121 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fortinet confirms active FortiCloud SSO bypass affecting fully patched FortiGate firewalls, exploiting CVE-2025-59718 and CVE-2025-59719. Vulnerability allows persistent accounts, VPN access, and config theft. #FortinetRisk #SSOVulnerability #USA https://t.co/tYboJhOZlB
@TweetThreatNews
25 Jan 2026
137 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
🚨 ALERTA FORTINET Firewalls FortiGate PARCHEADOS estan siendo hackeados - Parche de diciembre NO funciona - Atacantes crean backdoors en SEGUNDOS - Roban configs completas Solucion temporal: Desactivar FortiCloud SSO CVE-2025-59718 / CVE-2025-59719 #fortinet #cibersegurid
@secnetnew
24 Jan 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fortinet confirms FortiCloud SSO exploitation bypassing patches for CVE-2025-59718 and CVE-2025-59719. Attackers automate account creation, enable VPNs, and extract configs from FortiGate devices. #FortiCloudBreach #NetworkSecurity #USA https://t.co/XSELNE3X3q
@TweetThreatNews
24 Jan 2026
160 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Fortinet Confirms Active FortiCloud SSO Bypass Still Hits Fully Patched FortiGate Firewalls Fortinet confirmed attackers are exploiting a patch-bypass path for FortiCloud SSO auth flaws (CVE-2025-59718 / CVE-2025-59719) using crafted SAML messages, allowing persistence via n
@ThreatSynop
23 Jan 2026
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Onderzoekers melden actief misbruik in FortiCloud van kwetsbaarheden met kenmerken CVE-2025-59718 en CVE-2025-59719. Lees hier onze update van het high/high beveiligingsadvies: https://t.co/OwAkGwvQKz
@ncsc_nl
23 Jan 2026
1218 Impressions
2 Retweets
4 Likes
0 Bookmarks
0 Replies
1 Quote
🚨 Fortinet Confirms Active Exploitation of FortiCloud SSO Auth Bypass Targeting Even Patched FortiGates Fortinet confirmed an automated campaign abusing FortiCloud SSO authentication-bypass flaws (CVE-2025-59718 / CVE-2025-59719) to create rogue admin accounts, exfiltrate
@ThreatSynop
23 Jan 2026
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fortinetは、FortiGateを狙った攻撃で新たな攻撃経路が使われていると明らかにした。2025年12月に公表されたCVE-2025-59718およびCVE-2025-59719はFortiCloudのSSO機能を悪用した認証回避だったが、今回は修正後の最新版でも
@yousukezan
23 Jan 2026
1163 Impressions
5 Retweets
14 Likes
2 Bookmarks
0 Replies
0 Quotes
Starting January 15, 2026, attackers exploited CVE-2025-59718 and CVE-2025-59719 to bypass FortiCloud SSO on FortiGate devices, altering firewall configs, creating admin accounts, and exporting sensitive data. #FortiGateAttacks #SSOBypass #USA https://t.co/dZsIDyQaGO
@TweetThreatNews
23 Jan 2026
145 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
A new cluster of automated malicious activity involving unauthorized firewall configuration changes on FortiGate devices. CVE-2025-59718 & CVE-2025-59719 #IOC https://t.co/X1i6yIgOxh
@blackorbird
23 Jan 2026
2529 Impressions
10 Retweets
30 Likes
6 Bookmarks
2 Replies
0 Quotes
csirt_it: ‼️ #Exploited #Fortinet: rilevato possibile bypass di aggiornamenti rilasciati a Dicembre per le CVE-2025-59718 e CVE-2025-59719 🔗 https://t.co/cOKFFdSy7P https://t.co/abBVDuijyQ
@Vulcanux_
22 Jan 2026
164 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
‼️ #Exploited #Fortinet: rilevato possibile bypass di aggiornamenti rilasciati a Dicembre per le CVE-2025-59718 e CVE-2025-59719 🔗 https://t.co/EMOH8biqER https://t.co/7RoZa7D4qH
@csirt_it
22 Jan 2026
231 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
In early December, Fortinet released an advisory for two critical authentication bypass vulnerabilities (CVE-2025-59718 and CVE-2025-59719). Shortly after disclosure, Arctic Wolf began observing intrusions involving malicious SSO logins on FortiGate appliances. Malicious logins
@DCWebGuy
22 Jan 2026
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Fortinet SSO Bypass Under Active Attack The chatter isn't about failing patches. It’s about two critical auth bypass flaws (CVE-2025-59718 & CVE-2025-59719) in unpatched devices. Attackers began exploiting them within 72 hours of disclosure. The vulnerable component
@photogrim_
21 Jan 2026
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-59718 / CVE-2025-59719 Fortinet Poc https://t.co/8HgEks7nb5 #CyberSec
@hack4lifemx
27 Dec 2025
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Fortinet FortiGate SAML SSO Auth Bypass Under Active Exploitation (Patch Now) Threat actors are exploiting CVE-2025-59718 and CVE-2025-59719 (CVSS 9.8) to bypass FortiCloud SSO authentication via crafted SAML messages, then logging in as “admin” and exporting device
@ThreatSynop
24 Dec 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
FortiOS/FortiGate FortiCloud SSO Login Authentication Bypass Exploit !!! Only for the purpose of security research #FortiOS #FortiGate #CVE-2025-59718 #CVE-2025-59719 https://t.co/gy6uZFdHZO
@ElyDemiurge
24 Dec 2025
88 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 𝗖𝗿𝗶𝘁𝗶𝗰𝗮𝗹 𝗔𝗹𝗲𝗿𝘁: 𝗙𝗼𝗿𝘁𝗶𝗻𝗲𝘁 𝗙𝗼𝗿𝘁𝗶𝗚𝗮𝘁𝗲 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀 𝗨𝗻𝗱𝗲𝗿 𝗔𝗰𝘁𝗶𝘃𝗲 𝗔𝘁𝘁𝗮𝗰𝗸 CISA has designat
@salttechnews
22 Dec 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Fortinet FortiOS [—] Dec 22, 2025 Comprehensive advisory detailing the latest critical vulnerabilities, risks, and response strategies for Fortinet FortiOS, including CVE-2025-59718 and CVE-2025-59719. Checkout our Threat Intelligence Platform:... https://t.co/0zPN4WrnTy
@transilienceai
22 Dec 2025
87 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Over 25,000 Fortinet devices with FortiCloud SSO remain exposed online. CVE-2025-59718 and CVE-2025-59719 enable attackers to bypass authentication via malicious SAML messages. #Fortinet #AuthenticationBypass #USA https://t.co/55EANd9dbO
@TweetThreatNews
21 Dec 2025
17 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Fortinet SSO Under Siege: There is an active alert regarding 25,000+ Fortinet devices exposed to remote attacks. Threat actors are exploiting critical vulnerabilities (CVE-2025-59718 & CVE-2025-59719) in the FortiCloud Single Sign-On (SSO) feature to bypass authentication.
@PinkPinklava
20 Dec 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We added fingerprinting of Fortinet devices with FortiCloud SSO enabled to our Device Identification reporting (at least 25K IPs seen globally). While not necessarily vulnerable to CVE-2025-59718/CVE-2025-59719 if you get a report from us regarding exposure, please verify/patch!
@Shadowserver
19 Dec 2025
2874 Impressions
9 Retweets
19 Likes
4 Bookmarks
1 Reply
0 Quotes
En ciberseguridad IOT, dos nuevas vulnerabilidades en los productos Fortinet están siendo explotadas libremente . Vulnerabilidades CVE-2025-59718 y CVE-2025-59719 La vulnerabilidad, identificada como CVE‑2025‑64446, ha sido catalogada con una puntuación alta CVSS de 9,8/1
@AbrahamAla5889
18 Dec 2025
88 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
FortinetのSSO 脆弱性、公開直後から悪用を確認(CVE-2025-59718,CVE-2025-59719) https://t.co/UF47EROvVn #セキュリティ対策Lab #セキュリティ #Security #サイバー攻撃
@securityLab_jp
18 Dec 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
For the latest Fortigate CVEs (CVE-2025-59718 & CVE-2025-59719), @HuntressLabs SIEM' is observing the following IPv4s associated with exploitation 📍 38.54.95[.]226 45.32.153[.]218 45.61.136[.]7 167.179.76[.]111 199.247.7[.]82 Detect for .... 🧵 https://t.co/uVNaHmlwF1
@Purp1eW0lf
18 Dec 2025
3757 Impressions
11 Retweets
22 Likes
8 Bookmarks
1 Reply
1 Quote
🚨 A recently disclosed pair of vulns affecting #Fortinet devices are being actively exploited in the wild. CVE-2025-59718 & CVE-2025-59719, carrying critical CVSSv3 scores, allow an unauthenticated remote attacker to gain device admin access. Read on: https://t.co/ELllZ43
@rapid7
17 Dec 2025
9150 Impressions
12 Retweets
36 Likes
9 Bookmarks
3 Replies
0 Quotes
Fortinet auth bypass is being exploited in the wild: CVE-2025-59718 + CVE-2025-59719. If FortiCloud SSO admin login is enabled, attackers can log in as admin via a crafted SAML message.
@shavvheen
17 Dec 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Fortinet heeft beveiligingsupdates uitgebracht voor FortiOS, FortiProxy, FortiWeb en FortiSwitchManager na meldingen van actief misbruik van twee ernstige kwetsbaarheden. Het gaat om CVE-2025-59718 en CVE-2025-59719, beide met een CVSS-score van 9,8. https://t.co/VNaHagvqqB
@Guardian360nl
17 Dec 2025
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#threatreport #LowCompleteness Arctic Wolf Observes Malicious SSO Logins on FortiGate Devices Following Disclosure of CVE-2025-59718 and CVE-2025-59719 | 15-12-2025 Source: https://t.co/NHyKkb4eWR Key details below ↓ 🎯Victims: Fortinet fortigate users, Firewall and vpn http
@rst_cloud
17 Dec 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Fortinet FortiGate devices are under active attack via SSO authentication bypass flaws. CVE-2025-59718 and CVE-2025-59719 both have CVSS scores of 9.8 and exploit the FortiCloud SSO 🔗 Details → https://t.co/sOvcptoRDG https://t.co/kUb2XJtoeG
@abarbap
17 Dec 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
‼️Brīdinājums! Atklātas kritiskas ievainojamības FortiOS, FortiProxy, FortiSwitchManager un FortiWeb programmatūrā - CVE-2025-59718 un CVE-2025-59719 (CVSS 9.1) ⚠️Informācija liecina, ka ievainojamības jau tiek aktīvi izmantotas kiberuzbrukumos. Vairāk: https:/
@certlv
17 Dec 2025
449 Impressions
2 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Cybersecurity experts report that threat actors are actively exploiting two newly disclosed vulnerabilities in Fortinet FortiGate devices, utilizing malicious SSO logins and authentication bypasses (CVE-2025-59718 & CVE-2025-59719). https://t.co/PVpSEYEuDW
@Cyber_O51NT
17 Dec 2025
1402 Impressions
5 Retweets
11 Likes
2 Bookmarks
0 Replies
0 Quotes
Hackers exploit CVE-2025-59718 and CVE-2025-59719 to bypass FortiCloud SSO, gaining unauthorized admin access and stealing configs from multiple Fortinet products, excluding FortiOS 6.4a. #FortinetFlaws #SSOBypass #USA https://t.co/IomE0NDthH
@TweetThreatNews
17 Dec 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerabilidades crítica en #Fortinet CVE-2025-59718 y CVE-2025-59719 (CVSS: 9.8). FortiCloud SSO está apagado por defecto pero se activa automáticamente cuando el equipo se registra. Se debe deshabilitar manualmente. PARCHEA! https://t.co/jUVf9vMf4B
@SeguInfo
16 Dec 2025
1531 Impressions
9 Retweets
23 Likes
3 Bookmarks
0 Replies
0 Quotes
Fortinet reports active exploitation of FortiGate SSO flaws CVE-2025-59718 and CVE-2025-59719, enabling unauthenticated SAML logins and admin access. Advisory dated Dec 9 2025. #Vuln https://t.co/wdHVq8KxBz
@threatcluster
16 Dec 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL: Fortinet devices under active attack via two SSO bypass flaws (CVE-2025-59718 & CVE-2025-59719). Attackers are forging SAML messages to gain admin access. Patch NOW or disable FortiCloud SSO! 🔥 #Fortinet #CyberAttack #Vulnerability 🔗 https://t.co/TZTqDIc
@NetSecIO
16 Dec 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 FortiGate SSO Exploit Alert Active attacks exploiting CVE-2025-59718 & CVE-2025-59719 allow unauthenticated SAML-based SSO logins, giving attackers admin access. Affected: FortiOS, FortiWeb, FortiProxy, FortiSwitchManager (FortiCloud SSO enabled) 🔧 Patch immediatel
@truething33
16 Dec 2025
74 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fresh Fortinet flaws CVE-2025-59718 & CVE-2025-59719 exploited days after patch release, bypassing FortiCloud SSO via crafted SAML responses. Attacks targeted admin accounts, leading to config theft. #FortinetBreach #SSOAttack #USA https://t.co/kK069S6YBf
@TweetThreatNews
16 Dec 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Active Exploitation Alert! Threat actors are actively exploiting two critical FortiGate vulnerabilities (CVE-2025-59718, CVE-2025-59719) that allow SAML SSO authentication bypass when FortiCloud SSO is enabled. #CybersecurityNews Full Story 👉 https://t.co/il1hlxjOFN http
@CSec88
16 Dec 2025
511 Impressions
3 Retweets
5 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 Fortinet FortiGate devices are under active attack via SSO authentication bypass flaws. CVE-2025-59718 and CVE-2025-59719 both have CVSS scores of 9.8 and exploit the FortiCloud SSO feature. Disable FortiCloud SSO until systems are fully updated. 🔗 Details → https://
@TheHackersNews
16 Dec 2025
33054 Impressions
89 Retweets
257 Likes
78 Bookmarks
4 Replies
7 Quotes
Onderzoekers melden actief misbruik in fortinet producten met kwetsbaarheden betreffende kenmerk CVE-2025-59718 en CVE-2025-59719. Lees hier onze update van het beveiligingsadvies: https://t.co/OwAkGwvQKz
@ncsc_nl
16 Dec 2025
1524 Impressions
1 Retweet
2 Likes
2 Bookmarks
0 Replies
0 Quotes
FortiGate SSOの重大(Critical)な脆弱性が悪用されている。Arctic Wolf社報告。CVE-2025-59718とCVE-2025-59719で、いずれもCVSSスコア9.1。特定のホスティング事業者群からadminアカウントを直接狙うもの。 https://t.co/2HZP1oYBqZ
@__kokumoto
16 Dec 2025
1309 Impressions
1 Retweet
7 Likes
6 Bookmarks
0 Replies
0 Quotes
Fortinet Patches Critical Authentication Bypass Vulnerabilities Tracked as CVE-2025-59718 and CVE-2025-59719 (CVSS score of 9.8), the two bugs are described as improper verification of cryptographic signature issues. They impact FortiOS, FortiWeb, FortiProxy, and https://t.co/Eo
@johndjohnson
12 Dec 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 CVE-2025-59718 & CVE-2025-59719: Fortinet FortiCloud SSO Auth Bypass Fortinet's got two critical flaws (CVSS 9.6 and 9.8) in FortiCloud SSO allowing complete authentication bypass. What's nasty: CVE-2025-59718 exploits improper session validation—attackers craft ma
@the_c_protocol
11 Dec 2025
105 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🚨CVE-2025-59718 & CVE-2025-59719: FortiCloud SSO Authentication Bypass Unauthenticated attackers may bypass FortiCloud SSO by abusing crafted SAML messages when the feature is enabled. ZoomEye Dork👉app="Fortinet FortiSwitch" || app="Fortinet FortiWeb" || app="Forti
@zoomeye_team
11 Dec 2025
8509 Impressions
35 Retweets
120 Likes
47 Bookmarks
0 Replies
0 Quotes
🚨 Upozorňujeme na kritické zranitelnosti v produktech Fortinet, CVE-2025-59718 a CVE-2025-59719. Zranitelnosti umožňují neautentizovanému útočníkovi obejít FortiCloud SSO autentizaci prostřednictvím podvržené SAML zprávy. Pokud je funkce FortiCloud SSO povolena,
@GOVCERT_CZ
10 Dec 2025
824 Impressions
2 Retweets
5 Likes
1 Bookmark
0 Replies
0 Quotes
❗ ALERT ❗ We’re aware of critical vulnerabilities in Multiple Fortinet Products: - CVE-2025-59718 - CVE-2025-59719 Read the full alert 👉 https://t.co/stokNdKHFl https://t.co/twizd5yGHJ
@7thGensec
10 Dec 2025
97 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Here we go, another crits on fori. Authentication bypass on FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager when SAML is on CVE-2025-59718 CVE-2025-59719 https://t.co/F8lCILYD8t https://t.co/sEGuCaVqU2
@h4x0r_dz
10 Dec 2025
11909 Impressions
22 Retweets
185 Likes
63 Bookmarks
1 Reply
1 Quote
Here we go, another crits on fori. Authentication bypass on FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager when SAML is on CVE-2025-59718 CVE-2025-59719 https://t.co/3rr4q98jE4
@h4x0r_dz
10 Dec 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "87CA4C4B-2701-4DEB-BB36-DBBFBD19D48A",
"versionEndIncluding": "7.4.9",
"versionStartIncluding": "7.4.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8473958D-E679-4501-8D78-5350FA8FC1FC",
"versionEndIncluding": "7.6.4",
"versionStartIncluding": "7.6.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6578F992-46E7-422C-A837-5A7F0E966AB6"
}
],
"operator": "OR"
}
]
}
]