CVE-2025-59718

Summary

A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiSwitchManager7.2.0 <= 7.2.6affected
FortinetFortiSwitchManager7.0.0 <= 7.0.5affected
FortinetFortiOS7.6.0 <= 7.6.3affected
FortinetFortiOS7.4.0 <= 7.4.8affected
FortinetFortiOS7.2.0 <= 7.2.11affected
FortinetFortiOS7.0.0 <= 7.0.17affected
FortinetFortiProxy7.6.0 <= 7.6.3affected
FortinetFortiProxy7.4.0 <= 7.4.10affected
FortinetFortiProxy7.2.0 <= 7.2.14affected
FortinetFortiProxy7.0.0 <= 7.0.21affected

Weaknesses

  • CWE-347: Improper access control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

Additional References

References