Attackers can target various Fortinet products and gain unauthorized access, among other things. Security updates are available for download. So far, no reports of ongoing attacks are known. However, admins should not wait too long to patch.
Login Broken
Two "critical" vulnerabilities (CVE-2025-59718, CVE-2025-59719) in FortiOS, FortiProxy, FortiSwitchManager, and FortiWeb are considered particularly dangerous. Under certain conditions, attackers can bypass authentication. In a warning message, the developers state that the vulnerabilities specifically affect FortiCloud’s SSO login. This feature is not active by default.
However, the developers point out that if admins register devices with FortiCare via the respective device’s user interface and do not disable the "Allow administrative login using FortiCloud SSO" option, FortiCloud SSO login is active. If this is the case, attackers can exploit the vulnerability with prepared SAML messages and thus gain access without correct authentication.
As a temporary measure, admins can protect devices by disabling this login method. Only installing the available security patches provides a permanent fix, however. Listing the patched versions is beyond the scope of this article; admins can find them in the advisory.
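The mitigation above boils down to one setting. The following added example (not code from the article or from Fortinet) is a small defender-side check that scans a FortiOS-style configuration backup for the FortiCloud SSO admin login and can emit a hardened copy with it disabled. The CLI key name `admin-forticloud-sso-login` is assumed here to be the CLI counterpart of the GUI option "Allow administrative login using FortiCloud SSO", and the sample configuration is constructed, not taken from any real device.

```python
import re

# Constructed sample of a FortiOS-style configuration backup (not a real device).
SAMPLE_CONFIG = """\
config system global
    set hostname "fw-edge-01"
    set admin-forticloud-sso-login enable
    set timezone 26
end
config system interface
    edit "port1"
        set ip 192.0.2.1 255.255.255.0
    next
end
"""

# Assumed CLI name of the GUI option "Allow administrative login using FortiCloud SSO".
SSO_KEY = "admin-forticloud-sso-login"


def parse_global_settings(config_text):
    """Return the key/value pairs found in the `config system global` section."""
    settings = {}
    in_global = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config system global":
            in_global = True
            continue
        if in_global and line == "end":
            break
        if in_global:
            m = re.match(r"set\s+(\S+)\s+(.*)$", line)
            if m:
                settings[m.group(1)] = m.group(2).strip('"')
    return settings


def forticloud_sso_enabled(config_text):
    """True when the backup explicitly enables FortiCloud SSO admin login.

    The article states the feature is off by default, so a missing key is
    treated as disabled; registering via the GUI writes an explicit 'enable'.
    """
    return parse_global_settings(config_text).get(SSO_KEY, "disable") == "enable"


def disable_sso(config_text):
    """Return a copy of the backup with the SSO admin login set to disable.

    An existing line is rewritten in place; if the key is absent from the
    global section, an explicit 'disable' line is added before its 'end'.
    """
    out = []
    in_global = False
    seen = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config system global":
            in_global = True
        elif in_global and line == "end":
            if not seen:
                out.append(f"    set {SSO_KEY} disable")
            in_global = False
        elif in_global and line.startswith(f"set {SSO_KEY} "):
            indent = raw[: len(raw) - len(raw.lstrip())]
            out.append(f"{indent}set {SSO_KEY} disable")
            seen = True
            continue
        out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    if forticloud_sso_enabled(SAMPLE_CONFIG):
        print("FortiCloud SSO admin login is ENABLED in this backup; hardened copy:")
        print(disable_sso(SAMPLE_CONFIG))
    else:
        print("FortiCloud SSO admin login is disabled in this backup.")
```

Running the script against an exported backup (replace `SAMPLE_CONFIG` with the file contents) tells an admin at a glance whether a device falls into the exposed configuration the advisory describes; the rewritten config is only a review aid, as the change itself should be applied through the device's GUI or CLI and followed by the vendor patch.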
Even More Dangers
FortiAuthenticator, FortiExtender, and FortiPortal are also among the vulnerable products. Most of the remaining security vulnerabilities are classified as "medium" severity. Successful attacks can, for example, let attackers execute their own commands or access private keys that should be isolated.
Further details on the security issues can be found in the security section of the Fortinet website. On the previous patch day, the developers closed, among other things, already exploited vulnerabilities in FortiWeb.
(des)
This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.