Cryptographic Signature Flaw in Fortinet FortiOS and FortiProxy Products
CVE-2025-59718

9.1CRITICAL

Key Information:

Vendor

Fortinet
Status
FortiOS
Fortiproxy
Fortiswitchmanager
Vendor
CVE Published:
9 December 2025

Badges

📈 Trended📈 Score: 4,760👾 Exploit Exists🟡 Public PoC🦅 CISA Reported📰 News Worthy

What is CVE-2025-59718?

CVE-2025-59718 is a severe security vulnerability affecting Fortinet's FortiOS and FortiProxy products, specifically from versions 7.0.0 up to 7.6.3. This flaw pertains to improper verification of cryptographic signatures, which can be exploited by unauthorized attackers. The vulnerability allows an attacker to bypass the FortiCloud Single Sign-On (SSO) login authentication through the manipulation of SAML (Security Assertion Markup Language) response messages. If successfully exploited, organizations may find themselves at significant risk, as this could lead to unauthorized access to sensitive information and systems, as well as potential manipulation or disruption of services.

Given that Fortinet's products are widely utilized in network security infrastructures, the implications of this vulnerability can be far-reaching. Organizations that depend on FortiOS and FortiProxy for critical security functionalities must be aware of the potential for exposure, as the breach could facilitate further attacks or unauthorized actions within their network environments.

Potential impact of CVE-2025-59718

  1. Unauthorized System Access: The primary impact of CVE-2025-59718 is the potential for unauthorized access to systems and data. Attackers can exploit the vulnerability to bypass authentication mechanisms, which may lead to unrestricted data retrieval and manipulation within the organization's network.

  2. Increased Risk of Data Breaches: With the ability to bypass security measures, organizations become more susceptible to data breaches. Sensitive information may be compromised, leading to severe consequences, including regulatory fines, loss of customer trust, and reputational damage.

  3. Disruption of Services: The vulnerability can be leveraged to disrupt normal operations by allowing attackers to manipulate service configurations or deploy malicious actions that could result in operational downtime, impacting business continuity and service delivery.

CISA has reported CVE-2025-59718

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-59718 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

FortiOS 7.6.0 <= 7.6.3

FortiOS 7.4.0 <= 7.4.8

FortiOS 7.2.0 <= 7.2.11

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-59718-Fortinet-Poc
Created by moften

Blackash-CVE-2025-59718
Created by Ashwesker

CVE-2025-59718-PoC
Created by exfil0

News Articles

favicon imageHelp Net Security

Fully patched FortiGate firewalls are getting compromised via CVE-2025-59718? - Help Net Security

CVE-2025-59718, an auth bypass flaw that attackers exploited in December 2025 to compromise FortiGate appliances, appears to have persisted.

6 days ago

favicon imageBleepingComputer

Fortinet confirms critical FortiCloud auth bypass not fully patched

Days after admins began reporting that their fully patched firewalls are being hacked, Fortinet confirmed it's working to fully address a critical FortiCloud SSO authentication bypass vulnerability that should have already been patched since early December.

6 days ago

favicon imageBleepingComputer

Hackers breach Fortinet FortiGate devices, steal firewall configs

Fortinet FortiGate devices are being targeted in automated attacks that create rogue accounts and steal firewall configuration data, according to cybersecurity company Arctic Wolf.

1 week ago

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-647

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 📰

    First article discovered by gbhackers.com

  • 🦅

    CISA Reported

  • 📈

    Vulnerability started trending

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.