⚠️ CISA Known Exploited Vulnerability
Active ThreatThis vulnerability is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. Active exploitation has been observed in the wild. This poses significant risk to federal enterprises and should be prioritized for immediate patching.
CVE-2025-59718
Critical CISA KEVVulnerability Description
A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References & Resources
-
https://fortiguard.fortinet.com/psirt/FG-IR-25-647psirt@fortinet.com Vendor Advisory
-
https://arcticwolf.com/resources/blog/arctic-wolf-observes-malicious-sso-logins-following-disclosure-cve-2025-59718-cve-2025-59719/134c704f-9b21-4f2e-91b3-4a467353bcc0 Third Party Advisory
-
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59718134c704f-9b21-4f2e-91b3-4a467353bcc0 US Government Resource
Severity Details
CISA KEV Status
Listed in CISA's Known Exploited Vulnerabilities catalog
Key Information
- Published Date
- December 09, 2025
