CVE-2025-59718

⛔ critical

Summary

A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a craf

Description

CVSS Score

9.8

Critical

EPSS Score

12.1

Exploit Probability

Published Date

2025-12-09

First Seen: 2026-01-05

📊 Relative Risk Intelligence

This CVE is Very High Risk - more severe than 90.5% of all 327,350 vulnerabilities in our database.

#31,115

Top 10% most severe

Severity Percentile

🎯 CISA SSVC Assessment Updated: Dec 17, 2025

🔍 Exploitation Status

Active

Exploits detected in the wild

⚙️ Automatable

YES

Can be exploited automatically

💥 Technical Impact

Total

Complete system compromise possible

SSVC data provided by CISA

Last Modified 2026-06-09

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE IDs (Weakness Types)

CWE-347

📦 Affected Products 11

Vendor	Product	Status	Affected Versions
fortinet	fortios	Affected	≥ 7.0.0 < 7.0.18
fortinet	fortios	Affected	≥ 7.2.0 < 7.2.12
fortinet	fortios	Affected	≥ 7.4.0 < 7.4.9
fortinet	fortios	Affected	≥ 7.6.0 < 7.6.4
fortinet	fortiproxy	Affected	≥ 7.0.0 < 7.0.22
fortinet	fortiproxy	Affected	≥ 7.2.0 < 7.2.15
fortinet	fortiproxy	Affected	≥ 7.4.0 < 7.4.11
fortinet	fortiproxy	Affected	≥ 7.6.0 < 7.6.4
siemens	ruggedcom_ape1808_firmware	Affected	v-
fortinet	fortiswitchmanager	Affected	≥ 7.0.0 < 7.0.6
fortinet	fortiswitchmanager	Affected	≥ 7.2.0 < 7.2.7

🔗 References 4

https://fortiguard.fortinet.com/psirt/FG-IR-25-647

Vendor Advisory

https://arcticwolf.com/resources/blog/arctic-wolf-ob...

Third Party Advisory

https://cert-portal.siemens.com/productcert/html/ssa...

Third Party Advisory

https://www.cisa.gov/known-exploited-vulnerabilities...

US Government Resource

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2025-67862	🔶 medium	6.7	0.0	An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet Forti...	2026-06-09
CVE-2026-0257	⛔ critical	9.1	60.5	Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software al...	2026-05-13
CVE-2025-53844	⚠️ high	8.8	0.0	A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 ...	2026-05-12
CVE-2025-53847	🔶 medium	6.5	0.0	A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 thro...	2026-04-14
CVE-2025-55018	🔶 medium	5.8	0.1	An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet FortiOS 7.6.0, Fort...	2026-02-10
CVE-2025-64157	🔶 medium	6.7	0.0	A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 throug...	2026-02-10

These CVEs affect the same products