CVE-2025-59719

Source
https://cve.org/CVERecord?id=CVE-2025-59719
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59719.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-59719
Published
2025-12-09T18:15:55.150Z
Modified
2026-03-13T03:39:35.060423Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, and FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass FortiCloud SSO login authentication via a crafted SAML response message.

Affected packages

Git /

Affected ranges

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59719.json"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "7.4.0"
            },
            {
                "last_affected": "7.4.9"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "7.6.0"
            },
            {
                "last_affected": "7.6.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0.0"
            }
        ]
    }
]