CVE-2025-59719
Modified
Modified - Updated After Analysis
BaseFortify
Vulnerability report for CVE-2025-59719, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2025-12-09
Last updated on: 2026-06-09
Assigner: Fortinet, Inc.
Description
Description
An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fortinet | fortiweb | From 7.4.0 (inc) to 7.4.9 (inc) |
| fortinet | fortiweb | From 7.6.0 (inc) to 7.6.4 (inc) |
| fortinet | fortiweb | 8.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-347 | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |