CVE-2025-59718

CVSS 9.1 (Critical) · EPSS 65.8% · KEV · CWE-347
In short

Fortinet products fail to properly verify digital signatures in SAML login messages, allowing attackers to bypass FortiCloud single sign-on authentication without valid credentials. This is critical because it grants unauthorized access to protected systems.

Technical detail

CWE-347 (Improper Verification of Cryptographic Signature) in SAML response signature validation across multiple Fortinet products (FortiOS, FortiProxy, FortiSwitchManager). An unauthenticated attacker can craft a malicious SAML response to forge authentication assertions and gain unauthorized access to FortiCloud SSO-protected resources; no prior authentication or user interaction is required.

Summary generated and translated by AI from the official description.
An improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C