Cyber Posture

CVE-2025-59719

Critical

Published: 09 December 2025

Published
09 December 2025
Modified
09 December 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0045 63.8th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mitigates CVE-2025-59719 by requiring timely application of Fortinet patches to fix the improper cryptographic signature verification in FortiWeb SAML processing.

SI-7 Software, Firmware, and Information Integrity good match
prevent

Mandates verification of information integrity using cryptographic signatures, preventing bypass via crafted SAML responses lacking proper validation.

SC-13 Cryptographic Protection good match
prevent

Implements cryptographic mechanisms to protect authentication data, directly addressing the improper signature verification flaw in FortiCloud SSO SAML responses.

Security SummaryAI

CVE-2025-59719 is an improper verification of cryptographic signature vulnerability, classified under CWE-347, affecting Fortinet FortiWeb versions 8.0.0, 7.6.0 through 7.6.4, and 7.4.0 through 7.4.9. Published on 2025-12-09, the issue enables an unauthenticated attacker to bypass FortiCloud SSO login authentication by submitting a crafted SAML response message that evades signature checks. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its network accessibility, low attack complexity, and severe impacts on confidentiality, integrity, and availability.

An unauthenticated attacker can exploit this vulnerability remotely without privileges or user interaction. By crafting a SAML response message that exploits the improper signature verification, the attacker bypasses FortiCloud SSO authentication, gaining unauthorized access to the affected FortiWeb instance.

Mitigation details are provided in the Fortinet PSIRT advisory FG-IR-25-647, available at https://fortiguard.fortinet.com/psirt/FG-IR-25-647.

Details

CWE(s)
CWE-347

Affected Products

fortinet
fortiweb
8.0.0 · 7.4.0 — 7.4.9 · 7.6.0 — 7.6.4

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

The vulnerability enables unauthenticated remote attackers to exploit a public-facing web application (FortiWeb management interface) by crafting a SAML response that bypasses signature verification, granting unauthorized access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References