top of page
perceptive_background_267k.jpg

Fortinet FortiOS, FortiSwitchMaster, FortiProxy, and FortiWeb contain an improper verification of cryptographic signature vulnerability that may allow an unauth…

Published:

16 December 2025 at 00:00:00

Alert date:

16 December 2025 at 19:00:38

Source:

cisa.gov

Click to open the original link from this advisory

Multiple Fortinet products including FortiOS, FortiSwitchMaster, FortiProxy, and FortiWeb contain an improper verification of cryptographic signature vulnerability. This flaw allows unauthenticated attackers to bypass FortiCloud SSO login authentication through crafted SAML messages. The vulnerability is classified as high severity and affects critical network security infrastructure. CVE-2025-59719 relates to the same issue and is covered in the same vendor advisory. Organizations should prioritize patching these vulnerabilities due to their potential impact on authentication systems.

Technical details

Mitigation steps:

Affected products:

FortiOS
FortiSwitchMaster
FortiProxy
FortiWeb

Related links:

https://docs.fortinet.com/upgrade-tool/fortigate
https://fortiguard.fortinet.com/psirt/FG-IR-25-647
https://nvd.nist.gov/vuln/detail/CVE-2025-59718

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page