IronMonkey Threat Research

CVE-2025-59718 CRITICAL

Published: 2025-12-09 | Last Modified: 2026-06-09 | Status: Modified

Description

An improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

Additional Descriptions (1) (translated from Spanish)

An improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
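The description names the weakness class (improper verification of a cryptographic signature on a SAML response) but not the specific defect, and the page carries no Fortinet code. The following is an added, self-contained model of that weakness class, written for this page and not taken from FortiOS, FortiProxy or FortiSwitchManager: a toy service-provider verifier in its defective and hardened forms, exercised with a legitimate response, an unsigned response, a signature-wrapped response and a tampered one. XML-DSig over RSA is replaced by an HMAC over the serialised Assertion element, SAML namespaces are omitted, and the key, element names and identities are all constructed for the example; none of this reproduces the actual FortiCloud SSO flaw.

```python
"""Model of CWE-347 in a SAML-style SP verifier (added example, not vendor code).

Assumptions: the IdP "signature" is an HMAC-SHA256 over the serialised Assertion
element instead of XML-DSig/RSA; namespaces are omitted; key and identities are
constructed for the demonstration.
"""
from __future__ import annotations

import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET
from typing import Optional

IDP_KEY = b"constructed-idp-signing-key"  # constructed sample key, not a real secret


def canon(elem: ET.Element) -> bytes:
    """Serialise an element without its tail text so signer and verifier hash the same bytes."""
    c = copy.deepcopy(elem)
    c.tail = None
    return ET.tostring(c)


def sign(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def build_response(name_id: str, key: Optional[bytes] = None, assertion_id: str = "a1") -> bytes:
    """Build a Response; with key=None the Signature element is omitted (what an attacker would send)."""
    root = ET.Element("Response", ID="r1")
    assertion = ET.SubElement(root, "Assertion", ID=assertion_id)
    ET.SubElement(ET.SubElement(assertion, "Subject"), "NameID").text = name_id
    if key is not None:
        ET.SubElement(root, "Signature", Reference=assertion_id, Value=sign(key, canon(assertion)))
    return ET.tostring(root)


def craft_wrapped(legit_response: bytes, name_id: str) -> bytes:
    """Signature wrapping: keep the genuinely signed Assertion, prepend an unsigned one."""
    root = ET.fromstring(legit_response)
    evil = ET.Element("Assertion", ID="evil")
    ET.SubElement(ET.SubElement(evil, "Subject"), "NameID").text = name_id
    root.insert(0, evil)
    return ET.tostring(root)


def craft_tampered(legit_response: bytes, name_id: str) -> bytes:
    """Edit the signed Assertion in place; any verifier that checks the signature must reject this."""
    root = ET.fromstring(legit_response)
    root.find("Assertion/Subject/NameID").text = name_id
    return ET.tostring(root)


def vulnerable_verify(response: bytes, key: bytes) -> Optional[str]:
    """Return the NameID the SP would log in, or None. Two CWE-347 defects are deliberate."""
    root = ET.fromstring(response)
    sig = root.find("Signature")
    if sig is not None:  # defect 1: an absent signature is silently accepted
        signed = root.find(f"Assertion[@ID='{sig.get('Reference')}']")
        if signed is None or not hmac.compare_digest(sign(key, canon(signed)), sig.get("Value", "")):
            return None
    # defect 2: identity is read from the first Assertion, not from the element that was verified
    return root.findtext("Assertion/Subject/NameID")


def hardened_verify(response: bytes, key: bytes) -> Optional[str]:
    """Require exactly one Signature and one Assertion, verify, then read identity only from the verified element."""
    root = ET.fromstring(response)
    sigs = root.findall("Signature")
    assertions = root.findall("Assertion")
    if len(sigs) != 1 or len(assertions) != 1:
        return None
    sig, assertion = sigs[0], assertions[0]
    if assertion.get("ID") != sig.get("Reference"):
        return None
    if not hmac.compare_digest(sign(key, canon(assertion)), sig.get("Value", "")):
        return None
    return assertion.findtext("Subject/NameID")


if __name__ == "__main__":
    legit = build_response("alice@example.com", IDP_KEY)
    cases = [
        ("legitimate", legit),
        ("unsigned", build_response("admin")),
        ("wrapped", craft_wrapped(legit, "admin")),
        ("tampered", craft_tampered(legit, "admin")),
    ]
    for label, msg in cases:
        print(f"{label:11} vulnerable={vulnerable_verify(msg, IDP_KEY)!r:22} hardened={hardened_verify(msg, IDP_KEY)!r}")
```

The defective verifier does check the signature when one is present (the tampered case is rejected), which is why this class of bug survives casual testing: the failure is in what happens when the signature is missing, and in which element the identity is read from after verification. A production SP additionally has to pin the IdP certificate, canonicalise per XML-DSig, check that the Reference URI points at the consumed element, and enforce InResponseTo, audience and validity window; none of that is modelled here.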

CVSS Metrics

Base Score: 9.8 (CRITICAL)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Source: [email protected]

Type: Secondary

Exploitability Score: 3.9

Impact Score: 5.9

Weaknesses

Source               Type       Language  Description
[email protected]  Secondary  en        CWE-347: Improper Verification of Cryptographic Signature

Affected Products

Vendor    Product             Version range (inclusive, per the description above)  Type
fortinet  fortiproxy          7.6.0 through 7.6.3                                    Application
fortinet  fortiproxy          7.4.0 through 7.4.10                                   Application
fortinet  fortiproxy          7.2.0 through 7.2.14                                   Application
fortinet  fortiproxy          7.0.0 through 7.0.21                                   Application
fortinet  fortiswitchmanager  7.2.0 through 7.2.6                                    Application
fortinet  fortiswitchmanager  7.0.0 through 7.0.5                                    Application
fortinet  fortios             7.6.0 through 7.6.3                                    Operating System
fortinet  fortios             7.4.0 through 7.4.8                                    Operating System
fortinet  fortios             7.2.0 through 7.2.11                                   Operating System
fortinet  fortios             7.0.0 through 7.0.17                                   Operating System
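Deciding whether a given device falls inside the listed ranges is where responders routinely slip, because the ranges cross a digit boundary (FortiProxy 7.4.0 through 7.4.10) and a plain string comparison sorts "7.4.10" before "7.4.8". The checker below is an added example, not a Fortinet tool; the ranges are copied from the advisory text above, which is the only version data this page carries, and the accepted version-string forms ("7.4.8", "v7.4.8", "7.4.8,build...") are an assumption about how operators transcribe them.

```python
"""Affected-version check for CVE-2025-59718 (added example; ranges copied from the advisory text)."""
import re

# (first affected, last affected), both inclusive, as stated in the description above
AFFECTED = {
    "fortios": [("7.6.0", "7.6.3"), ("7.4.0", "7.4.8"), ("7.2.0", "7.2.11"), ("7.0.0", "7.0.17")],
    "fortiproxy": [("7.6.0", "7.6.3"), ("7.4.0", "7.4.10"), ("7.2.0", "7.2.14"), ("7.0.0", "7.0.21")],
    "fortiswitchmanager": [("7.2.0", "7.2.6"), ("7.0.0", "7.0.5")],
}

# Assumed display forms: "7.4.8", "v7.4.8", "7.4.8,build2795"; anything after the third number is ignored
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(s: str) -> tuple:
    """Turn a version string into an integer tuple so that 7.4.10 sorts after 7.4.8."""
    m = _VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {s!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(product: str, version: str) -> bool:
    """True if the (product, version) pair lies inside one of the advisory's inclusive ranges."""
    key = product.lower().replace(" ", "")
    if key not in AFFECTED:
        raise ValueError(f"product not covered by this advisory: {product!r}")
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED[key])


if __name__ == "__main__":
    for product, version in [("FortiOS", "7.4.8"), ("FortiOS", "7.4.9"),
                             ("FortiProxy", "7.4.10"), ("FortiProxy", "7.4.11"),
                             ("FortiSwitchManager", "v7.2.6"), ("FortiOS", "6.4.15")]:
        print(f"{product} {version}: {'AFFECTED' if is_affected(product, version) else 'not in listed ranges'}")
```

A version outside the listed ranges is reported as "not in listed ranges", not as "fixed": this page does not state which releases contain the fix, so that determination has to come from the vendor advisory.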

Affected Configurations

Operator: OR

The version field of each CPE is `*` because NVD carries the bounds as versionStartIncluding / versionEndIncluding attributes rather than in the CPE string; the ranges below are those given in the description above.

Vulnerable  CPE                                              Version range (inclusive)
Yes         cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*        7.6.0 through 7.6.3
Yes         cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*        7.4.0 through 7.4.10
Yes         cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*        7.2.0 through 7.2.14
Yes         cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*        7.0.0 through 7.0.21
Yes         cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*  7.2.0 through 7.2.6
Yes         cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*  7.0.0 through 7.0.5
Yes         cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*           7.6.0 through 7.6.3
Yes         cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*           7.4.0 through 7.4.8
Yes         cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*           7.2.0 through 7.2.11
Yes         cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*           7.0.0 through 7.0.17