PRP: Fortinet FortiWeb CVE-2025-59719 Authentication Bypass

[SABITHSAHEB]

• Identifier of the vulnerability: CVE-2025-59719

• Affected software: Fortinet FortiWeb

• Type of vulnerability: Authentication Bypass

• Requires authentication: No (The vulnerability is unauthenticated. Detection will not require credentials.)

• Language you would use for writing the plugin: Java (HTTP-based detection fits Tsunami's Java plugin framework)

• Resources:

  • https://nvd.nist.gov/vuln/detail/CVE-2025-59719
  • Fortinet PSIRT advisory (FG-IR-25-647)
  • Vendor release notes describing fixed versions

[github-actions]

Welcome to the Tsunami patch reward program!

Your issue has been added to our triage queue and will reviewed
shortly. The panel usually takes a decision once per week, so it
can take up to a week before you hear back from us.

Please, do not start the work until the panel has reached a
decision. Although we always welcome contributions, unapproved
work is not eligible for a reward.

~The Tsunami PRP team