CVE-2025-59719
Published: 09 December 2025
Summary
CVE-2025-59719 is a critical-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability in Fortinet Fortiweb. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 42.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates CVE-2025-59719 by requiring timely application of Fortinet patches to fix the improper cryptographic signature verification in FortiWeb SAML processing.
Mandates verification of information integrity using cryptographic signatures, preventing bypass via crafted SAML responses lacking proper validation.
Implements cryptographic mechanisms to protect authentication data, directly addressing the improper signature verification flaw in FortiCloud SSO SAML responses.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability enables unauthenticated remote attackers to exploit a public-facing web application (FortiWeb management interface) by crafting a SAML response that bypasses signature verification, granting unauthorized access.
NVD Description
An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
Deeper analysisAI
CVE-2025-59719 is an improper verification of cryptographic signature vulnerability, classified under CWE-347, affecting Fortinet FortiWeb versions 8.0.0, 7.6.0 through 7.6.4, and 7.4.0 through 7.4.9. Published on 2025-12-09, the issue enables an unauthenticated attacker to bypass FortiCloud SSO login authentication by submitting a crafted SAML response message that evades signature checks. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its network accessibility, low attack complexity, and severe impacts on confidentiality, integrity, and availability.
An unauthenticated attacker can exploit this vulnerability remotely without privileges or user interaction. By crafting a SAML response message that exploits the improper signature verification, the attacker bypasses FortiCloud SSO authentication, gaining unauthorized access to the affected FortiWeb instance.
Mitigation details are provided in the Fortinet PSIRT advisory FG-IR-25-647, available at https://fortiguard.fortinet.com/psirt/FG-IR-25-647.
Details
- CWE(s)