
Multiple Fortinet Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-59719 CVSS:9.8

Fortinet FortiWeb may allow an attacker to bypass the FortiCloud SSO login authentication via a specially crafted SAML response message, caused by an improper verification of cryptographic signature vulnerability.

CVE-2025-59718 CVSS:9.8

Fortinet FortiOS allows an attacker to bypass the FortiCloud SSO login authentication using a specially crafted SAML response message, caused by improper verification of cryptographic signature vulnerability.

CVE-2025-53679 CVSS:6.9

An improper neutralization of special elements used in an OS command (OS command injection) vulnerability in the GUI of Fortinet FortiSandbox versions 5.0.0 through 5.0.2 and versions before 4.4.7 allows a remote privileged attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests.

CVE-2025-54353 CVSS:5.4

Fortinet FortiSandbox is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web interface. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

CVE-2025-53949 CVSS:7.2

Fortinet FortiSandbox may allow an authenticated attacker to execute unauthorized code on the underlying system using specially crafted HTTP requests, caused by an OS command injection vulnerability.

Impact

  • Gain Access
  • Security Bypass
  • Cross-Site Scripting

Indicators of Compromise

CVE

  • CVE-2025-59719

  • CVE-2025-59718

  • CVE-2025-53679

  • CVE-2025-54353

  • CVE-2025-53949

Affected Vendors

  • Fortinet

Affected Products

  • Fortinet FortiWeb
  • Fortinet FortiOS 7.6.0
  • Fortinet FortiProxy
  • Fortinet FortiSwitchManager
  • Fortinet FortiSandbox 5.0.0

Remediation

Refer to Fortinet Security Advisory for patch, upgrade or suggested workaround information.

CVE-2025-59719

CVE-2025-59718

CVE-2025-53679

CVE-2025-54353

CVE-2025-53949