CVE-2025-59719 | THREATINT

Description

An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

PUBLISHED Reserved 2025-09-19 | Published 2025-12-09 | Updated 2025-12-10 | Assigner fortinet

CRITICAL: 9.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Problem types

Improper access control

Product status

Default status

unaffected

8.0.0

affected

7.6.0 (semver)

affected

7.4.0 (semver)

affected

References

fortiguard.fortinet.com/psirt/FG-IR-25-647

cve.org (CVE-2025-59719)

nvd.nist.gov (CVE-2025-59719)

Download JSON