Overview

CVE: CVE-2025-59718, CVE-2025-59719
Severity: Critical
Date: 11 December 2025

Fortinet has released patches for two critical vulnerabilities affecting multiple Fortinet products that use FortiCloud single sign-on (SSO). Both issues allow an unauthenticated attacker to bypass FortiCloud SSO authentication by sending a crafted SAML response. The ACSC is urging organisations to take immediate action: apply patches and investigate for potential compromise.


Affected Versions

FortiOS

  • 7.0.0 through 7.0.17
  • 7.2.0 through 7.2.11
  • 7.4.0 through 7.4.8
  • 7.6.0 through 7.6.3

FortiProxy

  • 7.0.0 through 7.0.21
  • 7.2.0 through 7.2.14
  • 7.4.0 through 7.4.10
  • 7.6.0 through 7.6.3

FortiSwitchManager

  • 7.0.0 through 7.0.5
  • 7.2.0 through 7.2.6

FortiWeb

  • 7.4.0 through 7.4.9
  • 7.6.0 through 7.6.4
  • 8.0.0


Vulnerability Breakdown

CVE-2025-59718

  • Severity: Critical
  • Description: FortiOS, FortiProxy and FortiSwitchManager do not correctly validate cryptographic signatures.
  • Impact: Allows an unauthenticated attacker to bypass FortiCloud SSO login authentication using a crafted SAML response.
  • Conditions: No authentication required.
  • Notes: Impacts multiple platforms.


CVE-2025-59719

  • Severity: Critical
  • Description: Cryptographic signature verification in FortiWeb can be bypassed using a forged SAML response.
  • Impact: Enables unauthenticated FortiCloud SSO login bypass.
  • Conditions: No authentication required.
  • Notes: Affects FortiWeb only.


Mitigation

  • Review networks for use of vulnerable versions of the affected Fortinet products
  • Apply the latest patches as outlined in the Fortinet Advisory
  • Disable FortiCloud login if enabled until patches are applied
  • Investigate for any unauthorised access or compromise of affected products


Summary for IT Teams

Products: FortiOS, FortiProxy, FortiSwitchManager, FortiWeb
Threat Level: Critical
Action Required:

  • Apply Fortinet’s latest patches for all affected products
  • Disable FortiCloud login until patched
  • Investigate environments for unauthorised access
  • Review deployments to confirm whether vulnerable versions are in use
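Added example, not part of the ACSC alert or Fortinet's own tooling: a Python triage script for the "review deployments" step in the Mitigation and Action Required lists. It encodes the affected ranges listed on this page and compares versions numerically (so 7.0.2 sorts before 7.0.17, which a plain string comparison gets wrong). The hostnames and inventory rows are constructed; fixed-release numbers come from the Fortinet advisory and are not encoded here, so a version outside the listed ranges means only "not listed as affected".

```python
# Added example: check firmware versions against the affected ranges on this page.
# Versions are compared as integer tuples, not strings, so "7.0.2" < "7.0.17".
# Fixed releases are NOT encoded; "not affected" here means "not in a listed range".

AFFECTED = {
    "FortiOS": [("7.0.0", "7.0.17"), ("7.2.0", "7.2.11"),
                ("7.4.0", "7.4.8"), ("7.6.0", "7.6.3")],
    "FortiProxy": [("7.0.0", "7.0.21"), ("7.2.0", "7.2.14"),
                   ("7.4.0", "7.4.10"), ("7.6.0", "7.6.3")],
    "FortiSwitchManager": [("7.0.0", "7.0.5"), ("7.2.0", "7.2.6")],
    "FortiWeb": [("7.4.0", "7.4.9"), ("7.6.0", "7.6.4"), ("8.0.0", "8.0.0")],
}

def parse_version(text):
    """Turn 'v7.4.8', '7.4.8' or '7.4.8,build2795' into a comparable int tuple."""
    core = text.strip().lstrip("vV").split(",")[0].split(" ")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(product, version):
    """True if (product, version) lies inside an affected range listed above."""
    ranges = AFFECTED.get(product)
    if ranges is None:
        raise KeyError(f"product not covered by this advisory: {product}")
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in ranges)

def triage(inventory):
    """Inventory rows are (hostname, product, version); returns the affected rows."""
    return [(h, p, v) for h, p, v in inventory if is_affected(p, v)]

# Constructed sample inventory (hostnames and versions are made up for the example).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "v7.4.8,build2795"),
    ("fw-edge-02", "FortiOS", "7.4.9"),
    ("fw-branch-01", "FortiOS", "7.0.17"),
    ("fw-branch-02", "FortiOS", "7.0.2"),   # string comparison would miss this one
    ("waf-01", "FortiWeb", "8.0.0"),
    ("waf-02", "FortiWeb", "8.0.1"),
    ("proxy-01", "FortiProxy", "7.2.14"),
    ("fsm-01", "FortiSwitchManager", "7.2.7"),
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is in an affected range")
```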


Reference


Need Help?

If your organisation requires assistance identifying affected systems, enforcing browser updates or reviewing browser security policies, please contact our SOC team via soc@secure-iss.com.