CISA has formally added CVE-2025-59718 to its Recognized Exploited Vulnerabilities (KEV) catalog on December 16, 2025.
Designating a essential deadline of December 23, 2025, for organizations to use essential remediation measures.
This motion displays the vulnerability’s energetic exploitation within the wild and the instant risk it poses to enterprise networks.
The vulnerability impacts a number of Fortinet safety merchandise, together with FortiOS, FortiSwitchMaster, FortiProxy, and FortiWeb.
The flaw lies within the improper verification of cryptographic signatures, permitting unauthenticated attackers to bypass FortiCloud Single Signal-On (SSO) authentication by way of specifically crafted SAML messages.
This authentication bypass vulnerability offers a direct path to unauthorized community entry with out requiring legitimate credentials.
Fortinet has addressed this subject via vendor advisories, with directors instructed to use all accessible patches instantly.
DetailInformationCVE IDCVE-2025-59718CWE ClassificationCWE-347 (Improper Verification of Cryptographic Signature)Vulnerability TypeAuthentication Bypass by way of SAMLAttack VectorUnauthenticated, Community-based
A associated vulnerability, CVE-2025-59719, pertains to the identical underlying subject and is documented in the identical advisory, requiring complete patching throughout affected programs.
The vulnerability is assessed below CWE-347 (Improper Verification of Cryptographic Signature), highlighting the particular weak point within the authentication mechanism.
CISA’s inclusion within the KEV catalog mandates compliance with federal safety steering, notably for businesses working cloud companies.
Organizations should observe relevant BOD 22-01 steering when implementing cloud-based Fortinet options.
For environments the place patches can’t be instantly deployed, CISA recommends discontinuing product use till mitigations can be found and verified.
The timing of this KEV addition is critical, as energetic exploitation signifies risk actors are already leveraging this vulnerability in operational assaults.
Nevertheless, CISA’s present evaluation doesn’t conclusively hyperlink the vulnerability to ransomware campaigns, although this classification might evolve as risk intelligence develops.
Safety groups ought to prioritize remediation of CVE-2025-59718 inside their patch administration cycles. Significantly for edge safety home equipment and net utility firewalls which may be straight uncovered to the web.
Organizations operating affected Fortinet merchandise ought to instantly audit their deployment stock.
And provoke emergency patching procedures earlier than the December 23 deadline to keep up compliance and stop credential-free community intrusion.
Observe us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to function your tales.
