CVE-2025-59718 -- CVSS 9.8 Vulnerability Briefing
CVE-2025-59718 | CVSS 9.8 (Critical) | Exploit: PoC available
What Is It
CVE-2025-59718 is an improper verification of cryptographic signature vulnerability (CWE-347) in the FortiCloud SSO login of Fortinet FortiOS, FortiProxy, and FortiSwitchManager. It allows an unauthenticated remote attacker to bypass FortiCloud SSO login authentication and obtain access to the affected device.
Technical Detail
The flaw resides in the FortiCloud SSO login flow, where the affected products fail to properly verify the cryptographic signature on the authentication message presented at login. That signature is what binds the login assertion to the trusted identity provider, so an unauthenticated remote attacker who can reach the login endpoint can submit a crafted authentication request that passes the signature check without holding a valid signing key or any credentials, bypassing the SSO login gate entirely. Successful exploitation yields a session on the management plane of the affected FortiOS, FortiProxy, or FortiSwitchManager instance; the privileges obtained are those of the account the forged login maps to, so a forged assertion for an administrative account is the realistic worst case. Which verification step is skipped or mistrusted is not detailed in this briefing, so the defensive assumption should be that any reachable SSO login endpoint on an unpatched build is exploitable.
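To make the failure class concrete, here is an added teaching example (not Fortinet code and not a reproduction of the FortiCloud SSO flaw) of an SSO login-assertion verifier written two ways: a weak version that reports "signature valid" for assertions the trusted identity provider never signed, beside a hardened one. The token layout, the key ids, the two bug patterns (optional signature, verification key taken from the message) and the attacker helpers are assumptions chosen for illustration; which mistake Fortinet's code actually made is not stated in the briefing.

```python
"""Illustrative SSO login-assertion verifier, weak version beside a hardened one.

Added teaching example only: not Fortinet code and not a reproduction of the
FortiCloud SSO flaw. The token layout, key ids, the two bug patterns and the
attacker helpers are assumptions chosen to show how a verifier can report
"signature valid" for an assertion the trusted identity provider never signed.
"""
import hashlib
import hmac
import json

NOW = 1_765_000_000  # fixed clock so the example is deterministic (constructed)

# Signing keys the service trusts, keyed by key id (constructed values).
TRUSTED_KEYS = {"idp-2025": b"constructed-idp-signing-key"}


def _payload(token: dict) -> bytes:
    """Canonical bytes covered by the signature: everything but sig/key."""
    body = {k: v for k, v in token.items() if k not in ("sig", "key")}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign(token: dict, key: bytes) -> dict:
    signed = dict(token)
    signed["sig"] = hmac.new(key, _payload(token), hashlib.sha256).hexdigest()
    return signed


def verify_weak(token: dict) -> bool:
    """Two classic CWE-347 mistakes. 1: an assertion with no signature is
    accepted ("legacy clients"). 2: when the key id is unknown, the verifier
    falls back to a key carried inside the message, so the attacker chooses
    the key the check is performed with."""
    if "sig" not in token:
        return True
    key = TRUSTED_KEYS.get(token.get("kid")) or bytes.fromhex(token.get("key", ""))
    if not key:
        return False
    expected = hmac.new(key, _payload(token), hashlib.sha256).hexdigest()
    return token["sig"] == expected


def verify_strict(token: dict, now: int = NOW) -> bool:
    """Signature mandatory, key chosen only from the trusted set, constant-time
    compare, and the expiry covered by the signature is enforced."""
    key = TRUSTED_KEYS.get(token.get("kid"))
    if key is None or "sig" not in token or "key" in token:
        return False
    expected = hmac.new(key, _payload(token), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(token["sig"], expected):
        return False
    return token.get("exp", 0) > now


def legitimate_login(user: str) -> dict:
    """What a genuine assertion from the trusted IdP looks like (constructed)."""
    return sign({"user": user, "kid": "idp-2025", "exp": NOW + 600},
                TRUSTED_KEYS["idp-2025"])


# Attacker assertions: no valid credentials, no trusted key.
def forge_unsigned(user: str) -> dict:
    return {"user": user, "kid": "idp-2025", "exp": NOW + 600}


def forge_with_own_key(user: str) -> dict:
    own_key = b"attacker-chosen-key"
    token = {"user": user, "kid": "not-a-trusted-kid", "exp": NOW + 600,
             "key": own_key.hex()}
    return sign(token, own_key)


def tampered(user: str, new_user: str) -> dict:
    token = legitimate_login(user)
    token["user"] = new_user  # signature no longer covers this body
    return token


if __name__ == "__main__":
    for name, tok in [("legitimate", legitimate_login("netops")),
                      ("unsigned forgery", forge_unsigned("admin")),
                      ("own-key forgery", forge_with_own_key("admin")),
                      ("tampered", tampered("netops", "admin"))]:
        print(f"{name:18} weak={verify_weak(tok)!s:5} strict={verify_strict(tok)}")
```

Both forgeries sail through verify_weak while the tampered legitimate token does not, which is exactly why a "signature validation passed" log entry is not evidence that the identity provider was involved; verify_strict rejects anything whose key was not selected from the trusted set.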
Exploitation Status
A proof-of-concept exploit is publicly available. The vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, and there is no confirmed evidence of in-the-wild exploitation at the time of writing. However, a public PoC combined with the critical CVSS score of 9.8 and an unauthenticated, network-reachable attack vector lowers the barrier to exploitation considerably and makes active abuse in the near term likely. KEV status lags first observed exploitation, so re-check it rather than treating its current absence as a reason to defer patching.
Who Is Targeting This
No specific threat actor attribution has been confirmed at this time. Fortinet edge devices and management platforms have historically been targeted by state-sponsored actors and ransomware operators, but no campaigns or actor groups have been formally linked to exploitation of this specific vulnerability.
What To Do
Treat this as a high-priority patch: critical severity, unauthenticated network attack vector, and a public PoC. Apply the vendor-supplied fixed releases. The affected version ranges are:

    FortiOS             7.0.0 through 7.0.17, 7.2.0 through 7.2.11, 7.4.0 through 7.4.8, 7.6.0 through 7.6.3
    FortiProxy          7.0.0 through 7.0.21, 7.2.0 through 7.2.14, 7.4.0 through 7.4.10, 7.6.0 through 7.6.3
    FortiSwitchManager  7.0.0 through 7.0.5, 7.2.0 through 7.2.6

Where immediate patching is not possible, disable FortiCloud SSO login if it is not operationally required: the vulnerable code path is the SSO login itself, so removing the feature removes the exposure. Confirm that local administrator access works before making the change so nobody is locked out. Independently of that, restrict management interface access to trusted administrator IP ranges and keep the management interface off the public internet.

Monitor administrator authentication logs for anomalous SSO logins: unexpected source addresses, logins outside normal hours, SSO logins to accounts that do not normally use SSO, and requests carrying malformed or unsigned assertions. After patching, review recent administrator logins and configuration changes for signs that the device was accessed before the fix was applied.
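Two of the steps above lend themselves to a small triage script. The following is an added example, not Fortinet tooling: an affected-version check built from the ranges this briefing lists, and a scan of admin login events for FortiCloud SSO logins from outside the trusted management ranges. The log lines are constructed, and the field names (action, method, srcip, user, status) and the value "forticloud-sso" are assumptions; map them to what your release actually emits before relying on the scan.

```python
"""Triage helpers for the mitigation advice above: an affected-version check
built from the ranges this briefing lists, plus a scan of admin login events
for FortiCloud SSO logins from outside the trusted management ranges.

Added example, not Fortinet tooling. The version data is copied from the
advisory text; the log lines are constructed, and the field names
(action, method, srcip, user, status) and the value "forticloud-sso" are
assumptions: map them to what your release really emits before using this.
"""
import ipaddress
import re

# (first affected, last affected), inclusive, per product, from the advisory.
AFFECTED = {
    "FortiOS": [("7.0.0", "7.0.17"), ("7.2.0", "7.2.11"),
                ("7.4.0", "7.4.8"), ("7.6.0", "7.6.3")],
    "FortiProxy": [("7.0.0", "7.0.21"), ("7.2.0", "7.2.14"),
                   ("7.4.0", "7.4.10"), ("7.6.0", "7.6.3")],
    "FortiSwitchManager": [("7.0.0", "7.0.5"), ("7.2.0", "7.2.6")],
}


def _ver(s: str) -> tuple:
    """'7.4.10' -> (7, 4, 10) so comparison is numeric, not lexical."""
    return tuple(int(p) for p in s.strip().split("."))


def is_affected(product: str, version: str) -> bool:
    """True when the build falls inside a listed range. Anything outside the
    listed ranges (a fixed release, or a branch the advisory does not mention)
    returns False; read that as 'not listed', not 'proven safe'."""
    v = _ver(version)
    return any(_ver(lo) <= v <= _ver(hi) for lo, hi in AFFECTED.get(product, []))


_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line: str) -> dict:
    """Split a key=value log line, dropping quotes around quoted values."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def suspicious_sso_logins(lines, trusted_cidrs):
    """SSO admin logins whose source address is outside every trusted CIDR."""
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("action") != "login" or ev.get("method") != "forticloud-sso":
            continue
        src = ipaddress.ip_address(ev["srcip"])
        if not any(src in net for net in nets):
            hits.append((ev.get("user"), ev["srcip"], ev.get("status")))
    return hits


# Constructed sample events in a simplified key=value layout.
SAMPLE_LOGS = [
    'date=2025-12-10 time=08:01:12 type=event subtype=system action=login user="admin" method=local srcip=10.1.2.3 status=success',
    'date=2025-12-10 time=08:15:40 type=event subtype=system action=login user="netops" method=forticloud-sso srcip=10.1.2.9 status=success',
    'date=2025-12-10 time=03:22:05 type=event subtype=system action=login user="admin" method=forticloud-sso srcip=203.0.113.7 status=success',
    'date=2025-12-10 time=03:22:31 type=event subtype=system action=config user="admin" method=forticloud-sso srcip=203.0.113.7 status=success',
]

if __name__ == "__main__":
    for product, version in [("FortiOS", "7.4.8"), ("FortiOS", "7.4.9"),
                             ("FortiProxy", "7.6.4"), ("FortiSwitchManager", "7.2.6")]:
        state = "AFFECTED" if is_affected(product, version) else "not listed"
        print(f"{product} {version}: {state}")
    for user, src, status in suspicious_sso_logins(SAMPLE_LOGS, ["10.0.0.0/8"]):
        print(f"review: SSO login user={user} srcip={src} status={status}")
```

On the constructed sample the only hit is the 03:22 SSO login by admin from 203.0.113.7; the configuration change that follows it from the same address is the kind of post-login activity worth pulling into the same review.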