🔴 CVE-2025-59718

Critical SAML authentication bypass vulnerability in Fortinet FortiOS, FortiProxy, and FortiSwitchManager allowing unauthenticated attackers to bypass FortiCloud SSO login authentication via crafted SAML response messages. CISA has confirmed active exploitation of this vulnerability.

← Back to Overview
HIGH_RISK
Risk Level
9.1
CVSS Score
NETWORK
Attack Vector
Initial Access
ATT&CK Tactic
T1190 — Exploit Public-Facing Application
ATT&CK Technique
VERY_HIGH
Deployment Risk
No
Ransomware

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-12-09

Added to CISA KEV: 2025-12-16 7 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2025-12-16)

Based on the search results, here's what is known about the CVE-2025-59718 vulnerability exploitation:

  • Description: CVE-2025-59718 is an improper verification of cryptographic signature vulnerability in Fortinet FortiOS versions 7.6.0 through 7.6.3, and 7.4.0 through [2]
  • CISA KEV Status: CISA has added CVE-2025-59718 to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation [3][4]
  • Active Exploitation: There is evidence of active exploitation of this vulnerability [3]
  • Affected Systems: This vulnerability degrades security for public exposed endpoints and may allow arbitrary local file inclusion [1]
  • Attack Vectors: Frequent attack vectors for malicious cyber actors [5][6]
While the search results confirm active exploitation and inclusion in the CISA KEV catalog, details regarding specific attack vectors, exploitation methods, use in targeted attacks, and technical details about internet exploitability are not fully elaborated in the provided context. However, one source mentions it affects public exposed endpoints, suggesting it impacts internet-facing applications or services [1].

Sources

  1. Known Exploited Vulnerabilities Catalog

    This vulnerability degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially ...Read more…

  2. CVE Record: CVE-2025-59718

    Description. A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through ...Read more…

  3. CISA Adds Two Known Exploited Vulnerabilities to Catalog

    CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.Read more…

  4. CISA Adds One Known Exploited Vulnerability to Catalog

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.Read more…

  5. CISA Adds One Vulnerability to the KEV Catalog | CISA

    CVE-2025-0282. Ivanti Connect Secure Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. CISA urges organizations to apply mitigations as set forth in the CISA instructions linked below to include…

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

📄 Download JSON Data | 📡 RSS Feed