CVE-2025-59718

CRITICAL KEV

Fortinet FortiProxy < 7.0.22 - Signature Verification Bypass

Title source: rule

Description

An improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, and FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

Exploits (3)

nomisec WORKING POC 4 stars
by exfil0 · poc
https://github.com/exfil0/CVE-2025-59718-PoC
github WORKING POC 2 stars
by adminlove520 · pythonpoc
https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2025/CVE-2025-59718
nomisec SCANNER 2 stars
by moften · poc
https://github.com/moften/CVE-2025-59718-Fortinet-Poc

Scores

CVSS v3 9.8
EPSS 0.0753
EPSS Percentile 91.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2025-12-16
VulnCheck KEV 2025-12-15
ENISA EUVD EUVD-2025-202198
CWE
CWE-347
Status published
Products (13)
Fortinet/FortiOS 7.0.0 - 7.0.17
fortinet/fortios 7.0.0 - 7.0.18
Fortinet/FortiOS 7.2.0 - 7.2.11
Fortinet/FortiOS 7.4.0 - 7.4.8
Fortinet/FortiOS 7.6.0 - 7.6.3
Fortinet/FortiProxy 7.0.0 - 7.0.21
fortinet/fortiproxy 7.0.0 - 7.0.22
Fortinet/FortiProxy 7.2.0 - 7.2.14
Fortinet/FortiProxy 7.4.0 - 7.4.10
Fortinet/FortiProxy 7.6.0 - 7.6.3
... and 3 more
Published Dec 09, 2025
KEV Added Dec 16, 2025
Tracked Since Feb 18, 2026