PT-2025-50119 · Fortinet · Fortiweb

Published: 2025-12-09 · Updated: 2025-12-17

CVE-2025-59719

CVSS v3.1: 9.8

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Fortinet FortiWeb versions 7.4.0 through 7.4.9
Fortinet FortiWeb versions 7.6.0 through 7.6.4
Fortinet FortiWeb version 8.0.0

Description

Improper verification of a cryptographic signature may allow an unauthenticated attacker to bypass FortiCloud SSO login authentication by sending a crafted SAML response message.

Recommendations

Fortinet FortiWeb versions 7.4.0 through 7.4.9 should be updated.
Fortinet FortiWeb versions 7.6.0 through 7.6.4 should be updated.
Fortinet FortiWeb version 8.0.0 should be updated.

Fix

Improper Verification of Cryptographic Signature

Weakness Enumeration

Related Identifiers

CVE-2025-59719

Affected Products

Fortiweb