Fortinet Releases Security Advisory for FortiCloud SSO Login Authentication Bypass

The security advisory address two vulnerabilities that could allow an attacker to bypass the FortiCloud SSO login authentication via a crafted SAML message

Threat ID:: CC-4724
Threat Severity:: Medium
Published:: 10 December 2025 12:24 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

The security advisory address two vulnerabilities that could allow an attacker to bypass the FortiCloud SSO login authentication via a crafted SAML message

Affected platforms

The following platforms are known to be affected:

Fortinet FortiOS

7.6.0 to 7.6.3
7.4.0 to 7.4.8
7.2.0 to 7.2.11
7.0.0 to 7.0.17

Fortinet FortiProxy

7.6.0 to 7.6.3
7.4.0 to 7.4.10
7.2.0 to 7.2.14
7.0.0 to 7.0.21

Fortinet FortiSwitch Manager

7.2.0 to 7.2.6
7.0.0 to 7.0.5

Fortinet FortiWeb

8.0.0
7.6.0 to 7.6.4
7.4.0 to 7.4.9

Threat details

Potential exploitation of CVE-2025-59718 and CVE-2025-59719

Researchers have reported evidence of malicious SSO logins on FortiGate devices following disclosure of CVE-2025-59718 and CVE-2025-59719.

Introduction

Fortinet has released a security advisory to address two critical vulnerabilities affecting FortiOS, FortiWeb, FortiProxy and FortiSwitchManager. Devices are only vulnerable if the FortiCloud SSO login feature is enabled when registering the device to FortiCare.

CVE-2025-59718 - an 'improper verification of cryptographic signature' vulnerability with - CVSSv3 score: 9.1.
CVE-2025-59719 - an 'improper verification of cryptographic signature' vulnerability with - CVSSv3 score: 9.1.

Threat updates

Date	Update
16 Dec 2025	Added details regarding potential exploitation of CVE-2025-59718 and CVE-2025-59719

Remediation advice

Affected organisations are encouraged to review the Fortinet PSIRT FG-IR-25-647 and apply the relevant updates as soon as possible.

Definitive source of threat updates

https://fortiguard.fortinet.com/psirt/FG-IR-25-647

CVE Vulnerabilities

Status Published

CVE-2025-59718

A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

Status Published

CVE-2025-59719

An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

Last edited: 16 December 2025 12:14 pm