216.73.217.22

CVE-2025-59719

· Published 09/12/2025 18:15 · Modified 09/12/2025 19:59

Labels: CVE-2025-59719 2025-12-09CVE-2025-59719CWE-347[email protected]

Essential information

Published
09/12/2025 18:15
Modified
09/12/2025 19:59
Author
Creator
CVSS
9.8 CRITICAL (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
fortinet / fortiweb cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
fortinet / fortiweb cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
fortinet / fortiweb cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*

References

Related entities

Attack reports, intrusion sets, malwares, attack patterns and indicators linked to this vulnerability.

Attack reports (3)