CVE-2025-59719 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
fortinet	CNA	9.1 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 24%

Affected Products (NVD)

Vendor	Product	Version
fortinet	fortiweb	7.4.0 ≤ 𝑥 ≤ 7.4.9
fortinet	fortiweb	7.6.0 ≤ 𝑥 ≤ 7.6.4
fortinet	fortiweb	8.0.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-347 - Improper Verification of Cryptographic Signature
The software does not verify, or incorrectly verifies, the cryptographic signature for data.

Vulnerability Media Exposure

[ENGLISH] ⚡ Weekly Recap: Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More
Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. This week’s recap shows that pattern clearly. Attackers are moving faster than defenses, mixing old tricks with new paths. “Patched” no longer means safe, and every day, software keeps becoming the entry point. What follows is a set of small but telling signals.
Published: 2026-01-26T17:25:00+05:30
[GERMAN] Fortinet kämpft weiter gegen laufende SSO-Admin-Attacken
Angreifer attackieren schon länger diverse Fortinet-Produkte. Ein funktionierendes Sicherheitsupdate fehlt nach wie vor. Ein temporärer Schutz soll helfen.
Published: 2026-01-28T08:31:00+00:00
[ENGLISH] Fortinet unearths another critical bug as SSO accounts borked post-patch
More work for admins on the cards as they await a full dump of fixes Things aren't over yet for Fortinet customers – the security shop has disclosed yet another critical FortiCloud SSO vulnerability.…
Published: 2026-01-28T16:30:10+00:00
[GERMAN] Neue SSO-Schwachstelle in FortiCloud wird aktiv ausgenutzt
Eine kritische Sicherheitslücke, die erneut die SSO-Anmeldung von Fortinets FortiCloud betrifft, wird aktiv ausgenutzt. Angreifer sind dadurch in der Lage, sich auf anderen Geräten anzumelden. Fortinet-Kunden sollten ihre Systeme dringend aktualisieren, um langfristige Risiken zu minimieren.
Published: 2026-02-03T07:00:00+01:00

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-647