CVE-2025-59718 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2…
Critical KEV CVSS: 9.8

CVE-2025-59718

A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
Vendor
Fortinet
Product
Fortiproxy
CWE
CWE-347
Yayın Tarihi
2025-12-09 18:15:54
Güncelleme
2025-12-17 13:54:45
Source Identifier
psirt@fortinet.com
KEV Date Added
2025-12-16

Kategoriler

CWE-347 Fortiproxy CRITICAL Fortinet 2025

Referanslar

https://fortiguard.fortinet.com/psirt/FG-IR-25-647 https://arcticwolf.com/resources/blog/arctic-wolf-observes-malicious-sso-logins-following-disclosure-cve-2025-59718-cve-2025-59719/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59718