CRITICAL🇵🇱 Wersja polska

CVE-2025-59719

CVSS 9.8v3.1pub. 2025-12-09upd. 2026-06-09

An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

🤖 AI Analysis
How it works

The attacker sends a crafted SAML response message that is not properly verified for cryptographic signature by vulnerable versions of FortiWeb. Since FortiWeb accepts an unsigned or improperly signed SAML response, the attacker can impersonate any user, including an administrator, and gain access to the management panel without knowledge of authentication credentials. The attack requires no privileges or user interaction, and the network vector means it can be conducted remotely.

Impact

An unauthenticated attacker can gain full control over the FortiWeb management interface, potentially resulting in configuration disclosure, modification of WAF security rules, and threats to the availability of protected infrastructure.

Mitigation & patch

Apply patches available from the vendor according to the references (https://fortiguard.fortinet.com/psirt/FG-IR-25-647). Until the update is applied, it is recommended to restrict access to the management interface and disable authentication via FortiCloud SSO if not essential.

Who is affected

Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 – 7.6.4, FortiWeb 7.4.0 – 7.4.9

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Fortinet Fortiweb

    APP
    Fortinet
    8.0.07.4.0 – 7.4.97.6.0 – 7.6.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2026-24858CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach

CVE-2025-64446CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Path Traversal w Fortinet FortiWeb umożliwiający zdalne wykonanie poleceń

CVE-2025-25257CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Krytyczna podatność SQL Injection w Fortinet FortiWeb — obejście uwierzytelnienia

CVE-2023-25610CRITICAL9.8PL ✓ten sam produkt

Buffer Underflow w interfejsie administracyjnym Fortinet FortiOS / FortiProxy — RCE bez uwierzytelnienia

CVE-2021-42761CRITICAL9.0ten sam produkt

A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 al...