CVE-2025-59719

Name: CVE-2025-59719 — Vulnerability Record
Brand: Quanteta Data Lab
SKU: CVE-2025-59719

CRITICAL

CVSS v3.1: 9.8 · EPSS: 0.0028 (51.8 percentile)

NetworkNo privilegesNo user interactionVendor advisory ref

Source data as of: 2026-06-10 05:05:15 UTC

At a glance

Severity: CRITICAL
CVSS: 9.8 v3.1 · NVD
EPSS: 0.0028 (51.8 percentile) · FIRST.org
CISA KEV: No
Attack conditions (CVSS vector): NetworkNo privilegesNo user interaction · Source: NVD Vector
Affected vendors: fortinet
Published: 2025-12-09 · Modified: 2026-06-09
References: Jump to references (2)

CVSS / EPSS / KEV

CVSS v3.1 9.8 / 10 CRITICAL Source: NVD

EPSS 0.0028 51.8 percentile Source: FIRST.org

CISA KEV No Source: CISA

Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources

Description

An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

Record details

CVE ID: CVE-2025-59719
CVSS (v3.1): 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability subscore: 3.9
Impact subscore: 5.9
EPSS: 0.0028 (51.8 percentile) — 2026-06-10
CISA KEV: No
Weakness (CWE): CWE-347
Affected vendors: fortinet
Affected configurations (CPE): 3
Published: 2025-12-09
Modified: 2026-06-09
Status: Modified

References

Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.

Reference https://fortiguard.fortinet.com/psirt/FG-IR-25-647
Vendor advisory https://cert-portal.siemens.com/productcert/html/ssa-864900.html

← Back to all records

CVE-2025-59719

At a glance

CVSS / EPSS / KEV

Description

Record details

References

Related records

Same affected vendor

Same weakness type (CWE)

Published the same year