CVE-2025-59719

CRITICAL EXPLOITED

FortiWeb 7.4.0-7.4.9, 7.6.0-7.6.4, 8.0.0 - Unauthenticated SAML Authentication Bypass via Crafted SAML Response

Exploitation Summary

CVE-2025-59719 has been observed exploited in the wild (reported by VulnCheck KEV, ENISA EUVD). EIP tracks 1 public exploit from researchers including moften.

AI-analyzed exploit summary: This repository contains a Python-based scanner for detecting vulnerabilities CVE-2025-59718 and CVE-2025-59719 in Fortinet devices (FortiOS, FortiProxy, FortiSwitchManager, FortiWeb). It supports passive fingerprinting, active non-destructive checks, and authenticated SSH scans, with structured JSON output.

Description

An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

Exploits (1)

github SCANNER 2 stars
by moften · pythonpoc
https://github.com/moften/CVE-2025-59718-Fortinet-Poc

Classification
Scanner 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Fortinet FortiOS, FortiProxy, FortiSwitchManager, FortiWeb (versions 7.0.x-7.6.x)
Auth required
Prerequisites: Network access to target device · Optional SSH credentials for authenticated checks
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3 9.8
EPSS 0.0028
EPSS Percentile 52.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2025-12-15
ENISA EUVD EUVD-2025-202191
CWE
CWE-347
Status published
Products (5)
fortinet/fortiweb 8.0.0
fortinet/fortiweb 7.4.0 - 7.4.9
Fortinet/FortiWeb 7.4.0 - 7.4.9
Fortinet/FortiWeb 7.6.0 - 7.6.4
Fortinet/FortiWeb 8.0.0
Published Dec 09, 2025
Tracked Since Feb 18, 2026