CVE-2025-59719

Summary

An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiWeb8.0.0affected
FortinetFortiWeb7.6.0 <= 7.6.4affected
FortinetFortiWeb7.4.0 <= 7.4.9affected

Weaknesses

  • CWE-347: Improper access control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

Additional References

References