CVE-2025-59718

CRITICAL(9.8)KEV — Aktiv ausgenutzt

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Risk Signal Score58/100 — HOCH

CVSS 9.8 — Kritisch
Im CISA KEV-Katalog (aktiv ausgenutzt)

CISA KEV

Bestätigt ausgenutzt

EPSS-Score

12%

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

9.8

Technische Schwere

Beschreibung

A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

Referenzen

https://fortiguard.fortinet.com/psirt/FG-IR-25-647
https://arcticwolf.com/resources/blog/arctic-wolf-observes-malicious-sso-logins-...
https://cert-portal.siemens.com/productcert/html/ssa-864900.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-...