216.73.217.22

CVE-2025-59718

· Published 09/12/2025 18:15 · Modified 17/12/2025 13:54

Labels: CVE-2025-59718 2025-12-09CVE-2025-59718CWE-347[email protected]

Essential information

Published
09/12/2025 18:15
Modified
17/12/2025 13:54
Author
Creator
CVSS
9.8 CRITICAL (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
fortinet / fortiproxy cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
fortinet / fortiproxy cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
fortinet / fortiproxy cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
fortinet / fortiproxy cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
fortinet / fortiswitchmanager cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*
fortinet / fortiswitchmanager cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*
fortinet / fortios cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
fortinet / fortios cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
fortinet / fortios cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
fortinet / fortios cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

References

Related entities

Attack reports, intrusion sets, malwares, attack patterns and indicators linked to this vulnerability.

Attack reports (3)