THREATOPS
THREAT OPSCVEs › CVE-2025-59718

CVE-2025-59718 — Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability

CISA KEVExploited: confirmedFortinet

Fortinet FortiOS, FortiSwitchMaster, FortiProxy, and FortiWeb contain an improper verification of cryptographic signature vulnerability that may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML message. Please be aware that CVE-2025-59719 pertains to the same problem and is mentioned in the same vendor advisory. Ensure to apply all patches mentioned in the advisory.

Vulnerability details

Related reporting