CVE-2025-59718
KEV
🔴 Patch now
Improper verification of a cryptographic signature in FortiOS allows SSO authentication bypass.
CVSS
9.8
EPSS
12.1%
Exploit
weaponized
Vendor
fortinet
Source description (NVD)
An improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
none
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 9.8 |
| CISA KEV (actively exploited) | Yes |
| FIRST EPSS (exploit probability) | 12.1% |
| Published (NVD) | 2025-12-09 18:15:54 UTC |
| Last modified (NVD) | 2026-06-09 12:47:10 UTC |
References
- https://fortiguard.fortinet.com/psirt/FG-IR-25-647 (psirt@fortinet.com) [Vendor Advisory]
- https://arcticwolf.com/resources/blog/arctic-wolf-observes-malicious-sso-logins-following-disclosure-cve-2025-59718-cve-2025-59719/ (134c704f-9b21-4f2e-91b3-4a467353bcc0) [Third Party Advisory]
- https://cert-portal.siemens.com/productcert/html/ssa-864900.html (0b142b55-0307-4c5a-b3c9-f314f3fb7c5e) [Third Party Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59718 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]