Emergency Security Bulletin: Improper Verification of Cryptographic Signature in Fortinet Products


By: RedLegg's Cyber Threat Intelligence Team

About:

CVE-2025-10573 is a critical stored cross-site scripting (XSS) vulnerability in Ivanti Endpoint Manager (EPM) caused by improper input neutralization within the web console interface. An unauthenticated attacker can submit crafted payloads (e.g., via device registration fields or data submission forms) that inject malicious JavaScript into stored values. When an administrator views the affected page, the attacker-controlled script executes in the admin context, enabling session hijacking, unauthorized actions, configuration manipulation, or takeover of administrator accounts.

RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify at the highest severity level and that warrant out-of-band emergency patching or mitigation action.


VULNERABILITIES

Improper Verification of Cryptographic Signature in Fortinet Products


CVSS Score: 9.6 (Critical)
Identifier: CVE-2025-59718, CVE-2025-59719
Exploit or Proof of Concept (PoC): There is currently no public proof-of-concept and no confirmed in-the-wild exploitation reported by Fortinet.
Update: 

Fortinet PSIRT Advisory:
https://www.fortiguard.com/psirt/FG-IR-25-647

Affected versions and required upgrades:

  • FortiOS 7.6: affected versions 7.6.0 through 7.6.3 → upgrade to 7.6.4 or above
  • FortiOS 7.4: affected versions 7.4.0 through 7.4.8 → upgrade to 7.4.9 or above
  • FortiOS 7.2: affected versions 7.2.0 through 7.2.11 → upgrade to 7.2.12 or above
  • FortiOS 7.0: affected versions 7.0.0 through 7.0.17 → upgrade to 7.0.18 or above
  • FortiOS 6.4: not affected
  • FortiProxy 7.6: affected versions 7.6.0 through 7.6.3 → upgrade to 7.6.4 or above
  • FortiProxy 7.4: affected versions 7.4.0 through 7.4.10 → upgrade to 7.4.11 or above
  • FortiProxy 7.2: affected versions 7.2.0 through 7.2.14 → upgrade to 7.2.15 or above
  • FortiProxy 7.0: affected versions 7.0.0 through 7.0.21 → upgrade to 7.0.22 or above
  • FortiSwitchManager 7.2: affected versions 7.2.0 through 7.2.6 → upgrade to 7.2.7 or above
  • FortiSwitchManager 7.0: affected versions 7.0.0 through 7.0.5 → upgrade to 7.0.6 or above
  • FortiWeb 8.0: affected version 8.0.0 → upgrade to 8.0.1 or above
  • FortiWeb 7.6: affected versions 7.6.0 through 7.6.4 → upgrade to 7.6.5 or above
  • FortiWeb 7.4: affected versions 7.4.0 through 7.4.9 → upgrade to 7.4.10 or above
  • FortiWeb 7.2: not affected
  • FortiWeb 7.0: not affected
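To turn the version table above into a repeatable check, the following added script (written for this bulletin, not a Fortinet tool) encodes each affected range exactly as listed and flags inventory entries that fall inside one. The inventory lines are constructed sample data; the `hostname,product,version` format is an assumption, and versions are expected as plain `major.minor.patch` strings.

```python
"""Flag Fortinet devices whose firmware falls inside the affected ranges
listed in this bulletin (FG-IR-25-647 / CVE-2025-59718, CVE-2025-59719).
Inventory lines below are constructed sample data, not real hosts."""

# Affected ranges as listed in the bulletin: (product, branch) -> (first, last, fixed)
AFFECTED = {
    ("FortiOS", "7.6"): ("7.6.0", "7.6.3", "7.6.4"),
    ("FortiOS", "7.4"): ("7.4.0", "7.4.8", "7.4.9"),
    ("FortiOS", "7.2"): ("7.2.0", "7.2.11", "7.2.12"),
    ("FortiOS", "7.0"): ("7.0.0", "7.0.17", "7.0.18"),
    ("FortiProxy", "7.6"): ("7.6.0", "7.6.3", "7.6.4"),
    ("FortiProxy", "7.4"): ("7.4.0", "7.4.10", "7.4.11"),
    ("FortiProxy", "7.2"): ("7.2.0", "7.2.14", "7.2.15"),
    ("FortiProxy", "7.0"): ("7.0.0", "7.0.21", "7.0.22"),
    ("FortiSwitchManager", "7.2"): ("7.2.0", "7.2.6", "7.2.7"),
    ("FortiSwitchManager", "7.0"): ("7.0.0", "7.0.5", "7.0.6"),
    ("FortiWeb", "8.0"): ("8.0.0", "8.0.0", "8.0.1"),
    ("FortiWeb", "7.6"): ("7.6.0", "7.6.4", "7.6.5"),
    ("FortiWeb", "7.4"): ("7.4.0", "7.4.9", "7.4.10"),
}
# Branches not in AFFECTED (FortiOS 6.4, FortiWeb 7.2, FortiWeb 7.0) are not affected.


def parse_version(v):
    """'7.4.8' -> (7, 4, 8); tuples compare numerically, unlike strings."""
    return tuple(int(p) for p in v.strip().split("."))


def assess(product, version):
    """Return the minimum fixed version if the device is affected, else None."""
    parts = parse_version(version)
    branch = f"{parts[0]}.{parts[1]}"
    rng = AFFECTED.get((product, branch))
    if rng is None:
        return None  # product/branch not listed as affected
    first, last, fixed = rng
    if parse_version(first) <= parts <= parse_version(last):
        return fixed
    return None


# Constructed inventory (assumed format: hostname,product,version)
INVENTORY = """\
fw-edge-01,FortiOS,7.4.8
fw-edge-02,FortiOS,7.4.9
proxy-dc-01,FortiProxy,7.0.21
waf-01,FortiWeb,8.0.0
waf-02,FortiWeb,7.2.5
fw-legacy,FortiOS,6.4.15
"""


def triage(inventory_text):
    """Return (host, product, version, fixed_version) for every affected entry."""
    findings = []
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, product, version = [f.strip() for f in line.split(",")]
        fixed = assess(product, version)
        if fixed:
            findings.append((host, product, version, fixed))
    return findings


if __name__ == "__main__":
    for host, product, version, fixed in triage(INVENTORY):
        print(f"{host}: {product} {version} is affected, upgrade to {fixed} or above")
```

Running it on the constructed inventory reports `fw-edge-01`, `proxy-dc-01` and `waf-01`; the FortiOS 7.4.9 host, the FortiWeb 7.2 host and the FortiOS 6.4 host are outside the listed ranges and are not flagged.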
 

Description:  

CVE-2025-59718 and CVE-2025-59719 are Improper Verification of Cryptographic Signature vulnerabilities.
This means that certain Fortinet products incorrectly validate the cryptographic signatures applied to files, components, or update mechanisms. As a result, an attacker who can manipulate the signed data or influence the validation path may be able to bypass integrity checks, load unauthorized or tampered files, or undermine the trust chain that protects core system operations.
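The following added example illustrates the general defect class described above (CWE-347 style improper signature verification); it is written for this bulletin and does not represent Fortinet's code or the specific flaw in these CVEs, whose details the advisory does not disclose. An HMAC-SHA256 tag over a shared, constructed key stands in for the asymmetric signature a real update channel would use; the two defects shown, a tag that covers only part of the signed data and a non-constant-time comparison, apply equally to either scheme. The package layout, key, and component names are assumptions.

```python
"""Illustration of improper vs. correct signature verification over a
signed component. HMAC with a constructed key stands in for a real
signature scheme; the structural defects are the point, not the primitive."""
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed for the example; not a real key


def _canonical(manifest):
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


# --- Defective verifier -----------------------------------------------------

def sign_naive(manifest, payload):
    # Defect 1: the tag covers only the manifest; the payload is never signed.
    tag = hmac.new(KEY, _canonical(manifest), hashlib.sha256).hexdigest()
    return {"manifest": manifest, "payload": payload, "sig": tag}


def verify_naive(pkg):
    tag = hmac.new(KEY, _canonical(pkg["manifest"]), hashlib.sha256).hexdigest()
    if tag == pkg["sig"]:          # Defect 2: ordinary compare leaks timing
        return pkg["payload"]      # returns bytes the tag never covered
    return None


# --- Corrected verifier -----------------------------------------------------

def _signed_bytes(manifest, payload):
    """Length-prefix each field so manifest/payload boundaries are unambiguous."""
    m = _canonical(manifest)
    return (len(m).to_bytes(4, "big") + m
            + len(payload).to_bytes(4, "big") + payload)


def sign_strict(manifest, payload):
    tag = hmac.new(KEY, _signed_bytes(manifest, payload), hashlib.sha256).hexdigest()
    return {"manifest": manifest, "payload": payload, "sig": tag}


def verify_strict(pkg):
    expected = hmac.new(KEY, _signed_bytes(pkg["manifest"], pkg["payload"]),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, pkg["sig"]):  # constant-time compare
        return None
    return pkg["payload"]  # only bytes covered by a valid tag leave this function


def tamper(pkg, new_payload):
    """Simulate an on-path modification of the component after signing."""
    bad = dict(pkg)
    bad["payload"] = new_payload
    return bad


def demo():
    """Return (naive_accepts_tampered, strict_rejects_tampered, strict_accepts_genuine)."""
    manifest = {"component": "demo-module", "version": "1.0"}  # assumed names
    good = b"legitimate component bytes"   # constructed
    evil = b"tampered component bytes"     # constructed
    naive_accepts = verify_naive(tamper(sign_naive(manifest, good), evil)) == evil
    strict_rejects = verify_strict(tamper(sign_strict(manifest, good), evil)) is None
    strict_accepts = verify_strict(sign_strict(manifest, good)) == good
    return naive_accepts, strict_rejects, strict_accepts


if __name__ == "__main__":
    print(demo())
```

The design point for reviewers and integrators: a verifier must hash every byte that will later be trusted, must return only the bytes it verified (so callers cannot accidentally use an unverified copy), and must compare digests with a constant-time function. A verifier that checks a signature over metadata and then loads content from elsewhere is exactly the "influence the validation path" scenario the description refers to.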
 

Mitigation Recommendation:

  • Apply vendor-provided fixes immediately for all affected Fortinet devices.
  • Identify devices running FortiOS, FortiProxy, FortiSwitchManager, and FortiWeb that match the vulnerable version ranges.
  • Restrict administrative access to trusted networks until patches are deployed.
  • Monitor device logs and update workflows for unusual behavior, especially failed or unexpected signature verification events.