CVE-2025-59718

None

Description

A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

INFO

Published Date :

2025-12-09T17:20:11.783Z

Last Modified :

2026-03-20T12:39:05.952Z

Source :

fortinet

AFFECTED PRODUCTS

The following products are affected by CVE-2025-59718 vulnerability.

Vendors	Products
Fortinet	Fortios Fortiproxy Fortiswitchmanager

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-59718.

URL	Resource
https://arcticwolf.com/resources/blog/arctic-wolf-observes-malicious-sso-logins-following-disclosure-cve-2025-59718-cve-2025-59719/
https://fortiguard.fortinet.com/psirt/FG-IR-25-647
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59718

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact