- Two critical flaws in SAML signature verification (CVE-2025-59718 and CVE-2025-59719) allow attackers to bypass SSO on multiple Fortinet products
- Exploitation began on December 12, when intruders extracted configuration files that exposed network layouts and hashed passwords
- Fortinet urges administrators to disable FortiCloud login and upgrade immediately to the listed patched versions
Two new critical vulnerabilities have been discovered in Fortinet products, and because they are being actively abused, both the company and security researchers are urging users to update to the latest version as soon as possible.
In a recently published security advisory (via BleepingComputer), Fortinet said it discovered an SSO authentication bypass bug in FortiOS, FortiProxy, and FortiSwitchManager, caused by inadequate verification of cryptographic signatures in SAML messages.
As a result, a threat actor can send a maliciously crafted SAML assertion and log in without the proper credentials.
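The checks a SAML service provider has to make before it trusts an assertion, shown in a standalone script. This is an added example and not Fortinet code, nor a reproduction of the advisory's bug; it only illustrates the class of problem the advisory describes (a signature that is missing, does not cover the assertion being consumed, or does not verify under the trusted IdP key). XML-DSig over canonical XML is replaced by an HMAC-SHA256 over the assertion bytes so it runs with the standard library alone; the key, namespace and sample assertions are all constructed for the demo.

```python
"""Simplified service-provider-side SAML assertion validation (added example).

Not Fortinet's code. HMAC-SHA256 stands in for XML-DSig/RSA so the script
needs only the standard library; TRUSTED_IDP_KEY, SIG_NS and every assertion
below are constructed demo values.
"""
import hashlib
import hmac
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
SIG_NS = "urn:constructed-demo:signature"      # stand-in for the XML-DSig namespace
TRUSTED_IDP_KEY = b"constructed-demo-idp-key"  # stands in for the IdP's signing certificate


def _tag(ns, name):
    return "{%s}%s" % (ns, name)


def _signed_bytes(assertion):
    """Bytes the signature covers: the assertion with any Signature child removed."""
    copy = ET.fromstring(ET.tostring(assertion))
    for sig in copy.findall(_tag(SIG_NS, "Signature")):
        copy.remove(sig)
    return ET.tostring(copy)


def make_assertion(assertion_id, subject):
    """Build a minimal unsigned assertion (constructed sample data)."""
    root = ET.Element(_tag(SAML_NS, "Assertion"), {"ID": assertion_id})
    subj = ET.SubElement(root, _tag(SAML_NS, "Subject"))
    ET.SubElement(subj, _tag(SAML_NS, "NameID")).text = subject
    return root


def sign_assertion(assertion, key):
    """Attach a Signature whose Reference points at this assertion's own ID."""
    mac = hmac.new(key, _signed_bytes(assertion), hashlib.sha256).hexdigest()
    sig = ET.SubElement(assertion, _tag(SIG_NS, "Signature"))
    ET.SubElement(sig, _tag(SIG_NS, "Reference"), {"URI": "#" + assertion.get("ID")})
    ET.SubElement(sig, _tag(SIG_NS, "SignatureValue")).text = mac
    return assertion


def validate_assertion(xml_bytes, trusted_key):
    """Strict consumer-side check. Returns (accepted, subject_or_reason)."""
    root = ET.fromstring(xml_bytes)
    if root.tag != _tag(SAML_NS, "Assertion"):
        return False, "not an assertion"
    sigs = root.findall(_tag(SIG_NS, "Signature"))
    if len(sigs) != 1:                       # unsigned assertions are never trusted
        return False, "assertion is unsigned or carries multiple signatures"
    ref = sigs[0].find(_tag(SIG_NS, "Reference"))
    if ref is None or ref.get("URI") != "#" + (root.get("ID") or ""):
        return False, "signature does not reference this assertion"
    value_el = sigs[0].find(_tag(SIG_NS, "SignatureValue"))
    expected = hmac.new(trusted_key, _signed_bytes(root), hashlib.sha256).hexdigest()
    if value_el is None or not hmac.compare_digest(value_el.text or "", expected):
        return False, "signature does not verify under the trusted IdP key"
    name_id = root.findtext("./{%s}Subject/{%s}NameID" % (SAML_NS, SAML_NS))
    if not name_id:
        return False, "no subject"
    return True, name_id


def lenient_validate(xml_bytes):
    """Inadequate check for contrast: presence of a Signature element is taken as proof."""
    root = ET.fromstring(xml_bytes)
    if root.find(_tag(SIG_NS, "Signature")) is None:
        return False, "unsigned"
    return True, root.findtext("./{%s}Subject/{%s}NameID" % (SAML_NS, SAML_NS))


def sample_assertions():
    """Constructed inputs: one genuine assertion and three that must be refused."""
    genuine = ET.tostring(sign_assertion(make_assertion("a1", "alice"), TRUSTED_IDP_KEY))
    return {
        "genuine": genuine,
        "unsigned": ET.tostring(make_assertion("a2", "alice")),
        "wrong_key": ET.tostring(sign_assertion(make_assertion("a3", "bob"), b"not-the-idp-key")),
        "tampered": genuine.replace(b"alice", b"bob"),  # subject changed after signing
    }


def demo():
    """Run the strict validator over every sample; only 'genuine' is accepted."""
    return {name: validate_assertion(xml, TRUSTED_IDP_KEY) for name, xml in sample_assertions().items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print("%-9s strict=%s" % (name, result))
    print("wrong_key lenient=%s" % (lenient_validate(sample_assertions()["wrong_key"]),))
```

The strict validator rejects the unsigned, wrongly-keyed and tampered assertions with a distinct reason each, while the lenient one accepts the wrongly-keyed assertion because it only looks for a Signature element. Real deployments add the checks omitted here for brevity: audience and recipient restrictions, NotBefore/NotOnOrAfter, InResponseTo, and replay of assertion IDs.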
Disable FortiCloud login
The bug is tracked as CVE-2025-59718 and was assigned a severity score of 9.8/10 (critical). It affects multiple versions of the products:
- FortiOS 7.6.0 to 7.6.3, 7.4.0 to 7.4.8, 7.2.0 to 7.2.1, 7.0.0 to 7.0.17
- FortiProxy 7.6.0 to 7.6.3, 7.4.0 to 7.4.10, 7.2.0 to 7.2.14, 7.0.0 to 7.0.21
- FortiSwitchManager 7.2.0 to 7.2.6, 7.0.0 to 7.0.5
The second vulnerability is also an SSO authentication bypass, but this time in FortiWeb. It is due to a similar error with the validation of cryptographic signatures of SAML messages. This is tracked as CVE-2025-59719 and also has a severity score of 9.8/10 (critical).
Affected versions include:
- FortiWeb 8.0.0, 7.6.0 to 7.5.4, 7.4.0 to 7.4.9
At the same time, security researchers at Arctic Wolf say that cybercriminals began exploiting the bugs on December 12, using them to download system configuration files. Those files can expose network layouts, Internet-connected devices, firewall settings, and possibly even hashed passwords.
To defend against such intrusions, Fortinet suggests administrators running vulnerable versions disable the FortiCloud login feature and upgrade to a patched version as soon as possible, including any of these:
- FortiOS 7.6.4+, 7.4.9+, 7.2.12+ and 7.0.18+
- FortiProxy 7.6.4+, 7.4.11+, 7.2.15+, 7.0.22+
- FortiSwitchManager 7.2.7+, 7.0.6+
- FortiWeb 8.0.1+, 7.6.5+, 7.4.10+