- Two critical SAML signature flaws (CVE-2025-59718/59719) allow attackers to bypass SSO across multiple Fortinet products
- The exploit began on December 12, when intruders pulled configuration files revealing network layouts and hashed passwords
- Fortinet urges you to disable FortiCloud login and immediately upgrade to the specified patched versions
Two new critical vulnerabilities have been discovered in Fortinet products, and as they are being actively exploited in the wild, both the company and security researchers are urging users to upgrade to the latest version as soon as possible.
In a recently released security advisory (via Bleeping Computer), Fortinet said it discovered an SSO authentication bypass flaw in FortiOS, FortiProxy and FortiSwitchManager, caused by improper verification of cryptographic signatures in SAML messages.
As a result, a threat actor can submit a maliciously crafted SAML assertion and log in without proper credentials.
Disable FortiCloud login
The bug is tracked as CVE-2025-59718 and received a severity score of 9.8/10 (Critical). It affects several versions of the products:
- FortiOS 7.6.0 to 7.6.3, 7.4.0 to 7.4.8, 7.2.0 to 7.2.1, and 7.0.0 to 7.0.17
- FortiProxy 7.6.0 to 7.6.3, 7.4.0 to 7.4.10, 7.2.0 to 7.2.14, and 7.0.0 to 7.0.21
- FortiSwitchManager 7.2.0 to 7.2.6 and 7.0.0 to 7.0.5
The second vulnerability is also a bypass of SSO authentication, but this time in FortiWeb. It stems from a similar bug with the cryptographic signature validation of SAML messages. This is tracked as CVE-2025-59719 and also has a severity rating of 9.8/10 (Critical).
Affected versions include:
- FortiWeb 8.0.0, 7.6.0 to 7.5.4, and 7.4.0 to 7.4.9
Meanwhile, security researchers at Arctic Wolf say cybercriminals began exploiting the flaws on December 12, using them to download system configuration files. Those files reveal network layouts, Internet-facing devices, firewall settings, and possibly even hashed passwords.
To defend against such intrusions, Fortinet suggests that administrators running vulnerable versions disable the FortiCloud login feature and upgrade to a patched version as soon as possible, meaning one of these:
- FortiOS 7.6.4+, 7.4.9+, 7.2.12+ and 7.0.18+
- FortiProxy 7.6.4+, 7.4.11+, 7.2.15+ and 7.0.22+
- FortiSwitchManager 7.2.7+ and 7.0.6+
- FortiWeb 8.0.1+, 7.6.5+ and 7.4.10+
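As an added example (not from Fortinet or this article), here is a small Python checker that compares a product build against the affected ranges and the fixed builds listed above, so an administrator can triage an inventory quickly; the status labels are my own, the FortiWeb 7.6 range is encoded exactly as printed, and a version that falls outside a listed range but below the branch's fix is reported separately rather than assumed safe.

```python
"""Triage a Fortinet product build against the affected and fixed builds
listed for CVE-2025-59718 / CVE-2025-59719 (data copied from the article)."""

# Affected ranges as printed in the article (inclusive). The FortiWeb
# 7.6 range is copied exactly as it appears there.
AFFECTED = {
    "FortiOS": [("7.6.0", "7.6.3"), ("7.4.0", "7.4.8"),
                ("7.2.0", "7.2.1"), ("7.0.0", "7.0.17")],
    "FortiProxy": [("7.6.0", "7.6.3"), ("7.4.0", "7.4.10"),
                   ("7.2.0", "7.2.14"), ("7.0.0", "7.0.21")],
    "FortiSwitchManager": [("7.2.0", "7.2.6"), ("7.0.0", "7.0.5")],
    "FortiWeb": [("8.0.0", "8.0.0"), ("7.6.0", "7.5.4"), ("7.4.0", "7.4.9")],
}

# First fixed build per release branch, as listed by Fortinet.
FIXED = {
    "FortiOS": ["7.6.4", "7.4.9", "7.2.12", "7.0.18"],
    "FortiProxy": ["7.6.4", "7.4.11", "7.2.15", "7.0.22"],
    "FortiSwitchManager": ["7.2.7", "7.0.6"],
    "FortiWeb": ["8.0.1", "7.6.5", "7.4.10"],
}


def parse(version: str) -> tuple:
    """'7.4.8' -> (7, 4, 8) so builds compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def assess(product: str, version: str) -> dict:
    """Return a status label and the build to upgrade to for this branch.

    Status values (my own labels, not Fortinet's):
      affected           - inside a range the advisory lists as vulnerable
      below-fixed-build  - not in a listed range, but older than the branch fix
      fixed              - at or above the first fixed build for the branch
      branch-not-listed  - no fixed build is listed for this release branch
    """
    ver = parse(version)
    branch = ver[:2]
    target = next((f for f in FIXED.get(product, []) if parse(f)[:2] == branch), None)
    in_range = any(parse(lo) <= ver <= parse(hi)
                   for lo, hi in AFFECTED.get(product, []))
    if in_range:
        status = "affected"
    elif target is None:
        status = "branch-not-listed"
    elif ver < parse(target):
        status = "below-fixed-build"
    else:
        status = "fixed"
    return {"status": status, "upgrade_to": target}
```

Treat "below-fixed-build" as an upgrade candidate too: the advisory's fixed builds, not the printed ranges, are the authoritative floor for each branch.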