CVE-2025-59718

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-59718
A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://fortiguard.fortinet.com/psirt/FG-IR-25-647 Vendor Advisory
https://arcticwolf.com/resources/blog/arctic-wolf-observes-malicious-sso-logins-following-disclosure-cve-2025-59718-cve-2025-59719/ Third Party Advisory
https://cert-portal.siemens.com/productcert/html/ssa-864900.html Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59718 US Government Resource
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:siemens:ruggedcom_ape1808_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_ape1808:-:*:*:*:*:*:*:*
History

09 Jun 2026, 12:47

Type Values Removed Values Added
First Time Siemens
Siemens ruggedcom Ape1808 Firmware
Siemens ruggedcom Ape1808
References () https://cert-portal.siemens.com/productcert/html/ssa-864900.html - () https://cert-portal.siemens.com/productcert/html/ssa-864900.html - Third Party Advisory
CPE cpe:2.3:h:siemens:ruggedcom_ape1808:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:ruggedcom_ape1808_firmware:-:*:*:*:*:*:*:*

09 Jun 2026, 10:16

Type Values Removed Values Added
References
  • () https://cert-portal.siemens.com/productcert/html/ssa-864900.html -
Summary
  • (es) Una vulnerabilidad de verificación incorrecta de firma criptográfica en Fortinet FortiOS 7.6.0 hasta 7.6.3, FortiOS 7.4.0 hasta 7.4.8, FortiOS 7.2.0 hasta 7.2.11, FortiOS 7.0.0 hasta 7.0.17, FortiProxy 7.6.0 hasta 7.6.3, FortiProxy 7.4.0 hasta 7.4.10, FortiProxy 7.2.0 hasta 7.2.14, FortiProxy 7.0.0 hasta 7.0.21, FortiSwitchManager 7.2.0 hasta 7.2.6, FortiSwitchManager 7.0.0 hasta 7.0.5 permite a un atacante no autenticado eludir la autenticación de inicio de sesión SSO de FortiCloud a través de un mensaje de respuesta SAML manipulado.

17 Dec 2025, 13:54

Type Values Removed Values Added
References () https://arcticwolf.com/resources/blog/arctic-wolf-observes-malicious-sso-logins-following-disclosure-cve-2025-59718-cve-2025-59719/ - () https://arcticwolf.com/resources/blog/arctic-wolf-observes-malicious-sso-logins-following-disclosure-cve-2025-59718-cve-2025-59719/ - Third Party Advisory
References () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59718 - () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59718 - US Government Resource

16 Dec 2025, 19:15

Type Values Removed Values Added
References
  • () https://arcticwolf.com/resources/blog/arctic-wolf-observes-malicious-sso-logins-following-disclosure-cve-2025-59718-cve-2025-59719/ -
  • () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59718 -

09 Dec 2025, 20:05

Type Values Removed Values Added
References () https://fortiguard.fortinet.com/psirt/FG-IR-25-647 - () https://fortiguard.fortinet.com/psirt/FG-IR-25-647 - Vendor Advisory
CPE cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
First Time Fortinet
Fortinet fortiproxy
Fortinet fortios
Fortinet fortiswitchmanager

09 Dec 2025, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-12-09 18:15

Updated : 2026-06-09 12:47

NVD link : CVE-2025-59718

Mitre link : CVE-2025-59718

CVE.ORG link : CVE-2025-59718

JSON object : View

Products Affected

fortinet

  • fortiswitchmanager
  • fortios
  • fortiproxy

siemens

  • ruggedcom_ape1808_firmware
  • ruggedcom_ape1808
CWE
CWE-347

Improper Verification of Cryptographic Signature