CVE-2025-59719CRITICAL 9.8EPSS p97.5%

CVE-2025-59719CVE-2025-59719

fortinet / fortiweb

Description

An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS23.67% probability of exploitation · percentile 97.5% · 2026-06-18T12:00:27Z
Published2025-12-09
Last modified2026-06-09

Underlying weaknesses· 1

CWE-347

References

  1. https://fortiguard.fortinet.com/psirt/FG-IR-25-647

1

TypeTargetConfidenceTier
WeaknessImproper Verification of Cryptographic Signaturecwe-3470%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability
CVE
CVE-2025-64447
CVE
CVE-2025-52970
CVE
Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
CVE
CVE-2025-53847
CVE
CVE-2025-22256
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.