Critical SAML authentication bypass vulnerability in Fortinet FortiOS, FortiProxy, and FortiSwitchManager allowing unauthenticated attackers to bypass FortiCloud SSO login authentication via crafted SAML response messages. CISA has confirmed active exploitation of this vulnerability.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
CVE Published: 2025-12-09
Added to CISA KEV: 2025-12-16 7 DAYS BETWEEN CVE AND KEV
This vulnerability degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially ...Read more
Description. A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through ...Read more
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.Read more
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.Read more
CVE-2025-0282. Ivanti Connect Secure Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. CISA urges organizations to apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.