CVE-2025-59718: A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through…

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

KEV

CISA Known Exploited Vulnerabilitydue 2025-12-23

A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

Affected

26 ranges· showing 25

Vendor	Product	Version range	Fixed in
fortinet	forticloud	—	—
fortinet	fortinet	—	—
fortinet	fortios	—	—
fortinet	fortios	>= 7.0.0 < 7.0.18	7.0.18
fortinet	fortios	7.0.0 – 7.0.17	—
fortinet	fortios	>= 7.2.0 < 7.2.12	7.2.12
fortinet	fortios	7.2.0 – 7.2.11	—
fortinet	fortios	>= 7.4.0 < 7.4.9	7.4.9
fortinet	fortios	7.4.0 – 7.4.8	—
fortinet	fortios	>= 7.6.0 < 7.6.4	7.6.4
fortinet	fortios	7.6.0 – 7.6.3	—
fortinet	fortiproxy	—	—
fortinet	fortiproxy	>= 7.0.0 < 7.0.22	7.0.22
fortinet	fortiproxy	7.0.0 – 7.0.21	—
fortinet	fortiproxy	>= 7.2.0 < 7.2.15	7.2.15
fortinet	fortiproxy	7.2.0 – 7.2.14	—
fortinet	fortiproxy	>= 7.4.0 < 7.4.11	7.4.11
fortinet	fortiproxy	7.4.0 – 7.4.10	—
fortinet	fortiproxy	>= 7.6.0 < 7.6.4	7.6.4
fortinet	fortiproxy	7.6.0 – 7.6.3	—
fortinet	fortiswitchmanager	—	—
fortinet	fortiswitchmanager	>= 7.0.0 < 7.0.6	7.0.6
fortinet	fortiswitchmanager	7.0.0 – 7.0.5	—
fortinet	fortiswitchmanager	>= 7.2.0 < 7.2.7	7.2.7
fortinet	fortiswitchmanager	7.2.0 – 7.2.6	—

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

vulncheck9.8CRITICAL

cisa9.8CRITICAL