CVE-2025-59719

Published Dec 9, 2025

Last updated 7 days ago

CVSS critical 9.8
Fortinet FortiWeb
Network
API
Supply chain
VPN
Firmware

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-59719 is a vulnerability affecting Fortinet FortiWeb versions 8.0.0, 7.6.0 through 7.6.4, and 7.4.0 through 7.4.9. It stems from improper verification of cryptographic signatures. The flaw could allow an unauthenticated attacker to bypass the FortiCloud Single Sign-On (SSO) login authentication by sending a crafted Security Assertion Markup Language (SAML) response message to the targeted appliance.

Description: An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
Source: psirt@fortinet.com
NVD status: Modified
Products: fortiweb

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

psirt@fortinet.com: CWE-347

Social media

Hype score: Not currently trending
  1. FortiSandbox Critical Flaws Actively Exploited: Patch Now CVE-2025-59718 (CVSS 9.8) and CVE-2025-59719 in Fortinet FortiSandbox are confirmed… Read more: https://t.co/KqzxaIKIfh #Fortinet #Fortisandbox #ActiveExploitation #CriticalVulnerability

    @navanem

    16 Jun 2026

    0 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. TrueSec, FortiNet SSO vulnerability CVE-2025-59718 and CVE-2025-59719 leading to system compromise -- https://t.co/3KcVNXh6PR

    @AndreGironda

    15 Jun 2026

    82 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. FortiNet SSO Vulnerability CVE-2025-59718 and CVE-2025-59719 Leading to Full System Compromise https://t.co/Zb9aUEvbyt Other incident responders have already shared insights about threat actor activities within the network once a device has been compromised; for instance, Sent

    @f1tym1

    15 Jun 2026

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

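  4. Exploitation of the FortiGate zero-day vulnerability CVE-2026-24858 and others: network intrusion and credential theft detected https://t.co/IJuFDvl6Oz What this incident shows is a situation in which multiple serious vulnerabilities are the cause and the damage spreads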

    @iototsecnews

    20 Mar 2026

    131 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Hackers Exploit FortiGate Firewalls in Widespread Attacks to Steal Network Credentials Threat actors are primarily abusing several FortiGate vulnerabilities, including CVE-2025-59718, CVE-2025-59719, and the recently patched CVE-2026-24858. These flaws allow unauthorized users h

    @johndjohnson

    17 Mar 2026

    861 Impressions

    8 Retweets

    11 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  6. 📌 Exploitation of vulnerabilities in FortiGate firewalls to breach networks and steal credentials 🛡️ Category: Cyber attack 📝 Summary: Multiple intrusions were observed targeting firewalls

    @GMashari

    16 Mar 2026

    173 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 📌 Exploitation of vulnerabilities in FortiGate firewalls to breach networks and steal credentials Multiple intrusions were observed targeting FortiGate firewalls (NGFW) in early 2026,

    @MisbarSec

    16 Mar 2026

    159 Impressions

    0 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. FortiGate NGFWs exploited since Nov 2025 via #CVE-2025-59718, CVE-2025-59719, CVE-2026-24858 to steal LDAP credentials & exfiltrate NTDS.dit. Patch immediately. #threatintel #mssp #cybersecurity #mssp

    @bettermssp

    11 Mar 2026

    144 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. On network compromises that use FortiGate devices as the entry point. Report by SentinelOne. Exploitation of known vulnerabilities, exemplified by CVE-2025-59718, CVE-2025-59719 and CVE-2026-24858. https://t.co/YDeBMmdsL4

    @__kokumoto

    10 Mar 2026

    1282 Impressions

    1 Retweet

    5 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  10. ⚠️ Vulnerabilities in Fortinet products ❗ CVE-2025-59719 ❗ CVE-2025-59718 ➡️ More info: https://t.co/ZIVEEsEM7e https://t.co/zK6Nwjxc0y

    @CERTpy

    27 Jan 2026

    152 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🚨 We are observing active exploitation of CVE-2025-59718 and CVE-2025-59719, targeting FortiCloud SSO to bypass authentication. Attackers are using these flaws to maintain valid sessions and persistence even after the underlying devices are fully patched. Patching closes the

    @ReliaQuestTR

    26 Jan 2026

    121 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Fortinet confirms active FortiCloud SSO bypass affecting fully patched FortiGate firewalls, exploiting CVE-2025-59718 and CVE-2025-59719. Vulnerability allows persistent accounts, VPN access, and config theft. #FortinetRisk #SSOVulnerability #USA https://t.co/tYboJhOZlB

    @TweetThreatNews

    25 Jan 2026

    137 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  13. 🚨 FORTINET ALERT PATCHED FortiGate firewalls are being hacked - December patch does NOT work - Attackers create backdoors in SECONDS - They steal complete configs Temporary workaround: Disable FortiCloud SSO CVE-2025-59718 / CVE-2025-59719 #fortinet #cibersegurid

    @secnetnew

    24 Jan 2026

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Fortinet confirms FortiCloud SSO exploitation bypassing patches for CVE-2025-59718 and CVE-2025-59719. Attackers automate account creation, enable VPNs, and extract configs from FortiGate devices. #FortiCloudBreach #NetworkSecurity #USA https://t.co/XSELNE3X3q

    @TweetThreatNews

    24 Jan 2026

    160 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 🚨 Fortinet Confirms Active FortiCloud SSO Bypass Still Hits Fully Patched FortiGate Firewalls Fortinet confirmed attackers are exploiting a patch-bypass path for FortiCloud SSO auth flaws (CVE-2025-59718 / CVE-2025-59719) using crafted SAML messages, allowing persistence via n

    @ThreatSynop

    23 Jan 2026

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Researchers report active exploitation in FortiCloud of vulnerabilities identified as CVE-2025-59718 and CVE-2025-59719. Read our update of the high/high security advisory here: https://t.co/OwAkGwvQKz

    @ncsc_nl

    23 Jan 2026

    1218 Impressions

    2 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  17. 🚨 Fortinet Confirms Active Exploitation of FortiCloud SSO Auth Bypass Targeting Even Patched FortiGates Fortinet confirmed an automated campaign abusing FortiCloud SSO authentication-bypass flaws (CVE-2025-59718 / CVE-2025-59719) to create rogue admin accounts, exfiltrate

    @ThreatSynop

    23 Jan 2026

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

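  18. Fortinet has disclosed that a new attack path is being used in attacks targeting FortiGate. CVE-2025-59718 and CVE-2025-59719, published in December 2025, were authentication bypasses abusing FortiCloud's SSO feature, but this time, even on the latest patched versions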

    @yousukezan

    23 Jan 2026

    1163 Impressions

    5 Retweets

    14 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  19. Starting January 15, 2026, attackers exploited CVE-2025-59718 and CVE-2025-59719 to bypass FortiCloud SSO on FortiGate devices, altering firewall configs, creating admin accounts, and exporting sensitive data. #FortiGateAttacks #SSOBypass #USA https://t.co/dZsIDyQaGO

    @TweetThreatNews

    23 Jan 2026

    145 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. A new cluster of automated malicious activity involving unauthorized firewall configuration changes on FortiGate devices. CVE-2025-59718 & CVE-2025-59719 #IOC https://t.co/X1i6yIgOxh

    @blackorbird

    23 Jan 2026

    2529 Impressions

    10 Retweets

    30 Likes

    6 Bookmarks

    2 Replies

    0 Quotes

  21. csirt_it: ‼️ #Exploited #Fortinet: possible bypass detected of the updates released in December for CVE-2025-59718 and CVE-2025-59719 🔗 https://t.co/cOKFFdSy7P https://t.co/abBVDuijyQ

    @Vulcanux_

    22 Jan 2026

    164 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. ‼️ #Exploited #Fortinet: possible bypass detected of the updates released in December for CVE-2025-59718 and CVE-2025-59719 🔗 https://t.co/EMOH8biqER https://t.co/7RoZa7D4qH

    @csirt_it

    22 Jan 2026

    231 Impressions

    0 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. In early December, Fortinet released an advisory for two critical authentication bypass vulnerabilities (CVE-2025-59718 and CVE-2025-59719). Shortly after disclosure, Arctic Wolf began observing intrusions involving malicious SSO logins on FortiGate appliances. Malicious logins

    @DCWebGuy

    22 Jan 2026

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. 🚨 Fortinet SSO Bypass Under Active Attack The chatter isn't about failing patches. It’s about two critical auth bypass flaws (CVE-2025-59718 & CVE-2025-59719) in unpatched devices. Attackers began exploiting them within 72 hours of disclosure. The vulnerable component

    @photogrim_

    21 Jan 2026

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. CVE-2025-59718 / CVE-2025-59719 Fortinet Poc https://t.co/8HgEks7nb5 #CyberSec

    @hack4lifemx

    27 Dec 2025

    62 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  26. 🚨 Fortinet FortiGate SAML SSO Auth Bypass Under Active Exploitation (Patch Now) Threat actors are exploiting CVE-2025-59718 and CVE-2025-59719 (CVSS 9.8) to bypass FortiCloud SSO authentication via crafted SAML messages, then logging in as “admin” and exporting device

    @ThreatSynop

    24 Dec 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. FortiOS/FortiGate FortiCloud SSO Login Authentication Bypass Exploit !!! Only for the purpose of security research #FortiOS #FortiGate #CVE-2025-59718 #CVE-2025-59719 https://t.co/gy6uZFdHZO

    @ElyDemiurge

    24 Dec 2025

    88 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. 🚨 Critical Alert: Fortinet FortiGate Vulnerabilities Under Active Attack CISA has designat

    @salttechnews

    22 Dec 2025

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. 🚨 Fortinet FortiOS [—] Dec 22, 2025 Comprehensive advisory detailing the latest critical vulnerabilities, risks, and response strategies for Fortinet FortiOS, including CVE-2025-59718 and CVE-2025-59719. Checkout our Threat Intelligence Platform:... https://t.co/0zPN4WrnTy

    @transilienceai

    22 Dec 2025

    87 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. Over 25,000 Fortinet devices with FortiCloud SSO remain exposed online. CVE-2025-59718 and CVE-2025-59719 enable attackers to bypass authentication via malicious SAML messages. #Fortinet #AuthenticationBypass #USA https://t.co/55EANd9dbO

    @TweetThreatNews

    21 Dec 2025

    17 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  31. Fortinet SSO Under Siege: There is an active alert regarding 25,000+ Fortinet devices exposed to remote attacks. Threat actors are exploiting critical vulnerabilities (CVE-2025-59718 & CVE-2025-59719) in the FortiCloud Single Sign-On (SSO) feature to bypass authentication.

    @PinkPinklava

    20 Dec 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. We added fingerprinting of Fortinet devices with FortiCloud SSO enabled to our Device Identification reporting (at least 25K IPs seen globally). While not necessarily vulnerable to CVE-2025-59718/CVE-2025-59719 if you get a report from us regarding exposure, please verify/patch!

    @Shadowserver

    19 Dec 2025

    2874 Impressions

    9 Retweets

    19 Likes

    4 Bookmarks

    1 Reply

    0 Quotes

  33. In IoT cybersecurity, two new vulnerabilities in Fortinet products are being freely exploited. Vulnerabilities CVE-2025-59718 and CVE-2025-59719 The vulnerability, identified as CVE‑2025‑64446, has been rated with a high CVSS score of 9.8/1

    @AbrahamAla5889

    18 Dec 2025

    88 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. Fortinet SSO vulnerabilities: exploitation confirmed immediately after disclosure (CVE-2025-59718, CVE-2025-59719) https://t.co/UF47EROvVn #セキュリティ対策Lab #セキュリティ #Security #サイバー攻撃

    @securityLab_jp

    18 Dec 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. For the latest Fortigate CVEs (CVE-2025-59718 & CVE-2025-59719), @HuntressLabs SIEM' is observing the following IPv4s associated with exploitation 📍 38.54.95[.]226 45.32.153[.]218 45.61.136[.]7 167.179.76[.]111 199.247.7[.]82 Detect for .... 🧵 https://t.co/uVNaHmlwF1

    @Purp1eW0lf

    18 Dec 2025

    3757 Impressions

    11 Retweets

    22 Likes

    8 Bookmarks

    1 Reply

    1 Quote

  36. 🚨 A recently disclosed pair of vulns affecting #Fortinet devices are being actively exploited in the wild. CVE-2025-59718 & CVE-2025-59719, carrying critical CVSSv3 scores, allow an unauthenticated remote attacker to gain device admin access. Read on: https://t.co/ELllZ43

    @rapid7

    17 Dec 2025

    9150 Impressions

    12 Retweets

    36 Likes

    9 Bookmarks

    3 Replies

    0 Quotes

  37. Fortinet auth bypass is being exploited in the wild: CVE-2025-59718 + CVE-2025-59719. If FortiCloud SSO admin login is enabled, attackers can log in as admin via a crafted SAML message.

    @shavvheen

    17 Dec 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  38. Fortinet has released security updates for FortiOS, FortiProxy, FortiWeb and FortiSwitchManager following reports of active exploitation of two serious vulnerabilities. They are CVE-2025-59718 and CVE-2025-59719, both with a CVSS score of 9.8. https://t.co/VNaHagvqqB

    @Guardian360nl

    17 Dec 2025

    69 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  39. #threatreport #LowCompleteness Arctic Wolf Observes Malicious SSO Logins on FortiGate Devices Following Disclosure of CVE-2025-59718 and CVE-2025-59719 | 15-12-2025 Source: https://t.co/NHyKkb4eWR Key details below ↓ 🎯Victims: Fortinet fortigate users, Firewall and vpn http

    @rst_cloud

    17 Dec 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. 🚨 Fortinet FortiGate devices are under active attack via SSO authentication bypass flaws. CVE-2025-59718 and CVE-2025-59719 both have CVSS scores of 9.8 and exploit the FortiCloud SSO 🔗 Details → https://t.co/sOvcptoRDG https://t.co/kUb2XJtoeG

    @abarbap

    17 Dec 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. ‼️Warning! Critical vulnerabilities have been discovered in FortiOS, FortiProxy, FortiSwitchManager and FortiWeb software - CVE-2025-59718 and CVE-2025-59719 (CVSS 9.1) ⚠️Information indicates that the vulnerabilities are already being actively exploited in cyberattacks. More: https:/

    @certlv

    17 Dec 2025

    449 Impressions

    2 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. Cybersecurity experts report that threat actors are actively exploiting two newly disclosed vulnerabilities in Fortinet FortiGate devices, utilizing malicious SSO logins and authentication bypasses (CVE-2025-59718 & CVE-2025-59719). https://t.co/PVpSEYEuDW

    @Cyber_O51NT

    17 Dec 2025

    1402 Impressions

    5 Retweets

    11 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  43. Hackers exploit CVE-2025-59718 and CVE-2025-59719 to bypass FortiCloud SSO, gaining unauthorized admin access and stealing configs from multiple Fortinet products, excluding FortiOS 6.4a. #FortinetFlaws #SSOBypass #USA https://t.co/IomE0NDthH

    @TweetThreatNews

    17 Dec 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. Critical vulnerabilities in #Fortinet CVE-2025-59718 and CVE-2025-59719 (CVSS: 9.8). FortiCloud SSO is off by default but is enabled automatically when the device is registered. It must be disabled manually. PATCH! https://t.co/jUVf9vMf4B

    @SeguInfo

    16 Dec 2025

    1531 Impressions

    9 Retweets

    23 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  45. Fortinet reports active exploitation of FortiGate SSO flaws CVE-2025-59718 and CVE-2025-59719, enabling unauthenticated SAML logins and admin access. Advisory dated Dec 9 2025. #Vuln https://t.co/wdHVq8KxBz

    @threatcluster

    16 Dec 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. 🚨 CRITICAL: Fortinet devices under active attack via two SSO bypass flaws (CVE-2025-59718 & CVE-2025-59719). Attackers are forging SAML messages to gain admin access. Patch NOW or disable FortiCloud SSO! 🔥 #Fortinet #CyberAttack #Vulnerability 🔗 https://t.co/TZTqDIc

    @NetSecIO

    16 Dec 2025

    63 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. 🚨 FortiGate SSO Exploit Alert Active attacks exploiting CVE-2025-59718 & CVE-2025-59719 allow unauthenticated SAML-based SSO logins, giving attackers admin access. Affected: FortiOS, FortiWeb, FortiProxy, FortiSwitchManager (FortiCloud SSO enabled) 🔧 Patch immediatel

    @truething33

    16 Dec 2025

    74 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. Fresh Fortinet flaws CVE-2025-59718 & CVE-2025-59719 exploited days after patch release, bypassing FortiCloud SSO via crafted SAML responses. Attacks targeted admin accounts, leading to config theft. #FortinetBreach #SSOAttack #USA https://t.co/kK069S6YBf

    @TweetThreatNews

    16 Dec 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. 🚨 Active Exploitation Alert! Threat actors are actively exploiting two critical FortiGate vulnerabilities (CVE-2025-59718, CVE-2025-59719) that allow SAML SSO authentication bypass when FortiCloud SSO is enabled. #CybersecurityNews Full Story 👉 https://t.co/il1hlxjOFN http

    @CSec88

    16 Dec 2025

    511 Impressions

    3 Retweets

    5 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  50. 🚨 Fortinet FortiGate devices are under active attack via SSO authentication bypass flaws. CVE-2025-59718 and CVE-2025-59719 both have CVSS scores of 9.8 and exploit the FortiCloud SSO feature. Disable FortiCloud SSO until systems are fully updated. 🔗 Details → https://

    @TheHackersNews

    16 Dec 2025

    33054 Impressions

    89 Retweets

    257 Likes

    78 Bookmarks

    4 Replies

    7 Quotes

Configurations