Source: Ministry of education information & communication security contingency platform
| Publication Number | TACERT-ANA-2025121601120909 | Publication Time | 2025/12/16 13:12 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/12/16 13:12 |
| Impact Level | Low | ||
| [Subject] 【Vulnerability Alert】Fortinet Releases a Critical Security Advisory for Multiple Products (CVE-2025-59718) (CVE-2025-59719) |

[Content] 【CVE-2025-59719, CVSS: 9.8】FortiWeb contains an authentication bypass vulnerability. An unauthenticated attacker can use specially crafted SAML messages to bypass the FortiCloud SSO authentication mechanism.

[Affected Platform]

- FortiOS versions 7.6.0 through 7.6.3
- FortiOS versions 7.4.0 through 7.4.8
- FortiOS versions 7.2.0 through 7.2.11
- FortiOS versions 7.0.0 through 7.0.17
- FortiProxy versions 7.6.0 through 7.6.3
- FortiProxy versions 7.4.0 through 7.4.10
- FortiProxy versions 7.2.0 through 7.2.14
- FortiProxy versions 7.0.0 through 7.0.21
- FortiSwitchManager versions 7.2.0 through 7.2.6
- FortiSwitchManager versions 7.0.0 through 7.0.5

【CVE-2025-59719】

- FortiWeb versions 7.4.0 through 7.4.9
- FortiWeb versions 7.6.0 through 7.6.4
- FortiWeb version 8.0.0

[Recommended Actions]

- FortiOS versions 7.6.4 and later
- FortiOS versions 7.4.9 and later
- FortiOS versions 7.2.12 and later
- FortiOS versions 7.0.18 and later
- FortiProxy versions 7.6.4 and later
- FortiProxy versions 7.4.11 and later
- FortiProxy versions 7.2.15 and later
- FortiProxy versions 7.0.22 and later
- FortiSwitchManager versions 7.2.7 and later
- FortiSwitchManager versions 7.0.6 and later

【CVE-2025-59719】Please update to the following versions:

- FortiWeb versions 7.4.10 and later
- FortiWeb versions 7.6.5 and later
- FortiWeb versions 8.0.1 and later

[Reference]