- Two critical SAML signature vulnerabilities (CVE-2025-59718/59719) allow attackers to bypass SSO on several Fortinet products.
- The exploitation began on December 12, with intruders extracting configuration files that exposed network configuration and hashed passwords.
- Fortinet recommends disabling the FortiCloud connection and immediately upgrading to the listed patched versions.
Two new critical vulnerabilities have been discovered in Fortinet products, and as they are actively exploited in the wild, the company and security researchers are urging users to upgrade to the latest version as soon as possible.
In a recently published security advisory (via BleepingComputer), Fortinet said it discovered an SSO authentication bypass bug in FortiOS, FortiProxy and FortiSwitchManager, caused by incorrect verification of cryptographic signatures in SAML messages.
As a result, a malicious actor can submit a malicious SAML assertion and log in without proper credentials.
Disable FortiCloud connection
The bug is tracked as CVE-2025-59718 and received a severity score of 9.8/10 (critical). This affects several product versions:
- FortiOS 7.6.0 to 7.6.3, 7.4.0 to 7.4.8, 7.2.0 to 7.2.1, 7.0.0 to 7.0.17
- FortiProxy 7.6.0 to 7.6.3, 7.4.0 to 7.4.10, 7.2.0 to 7.2.14, 7.0.0 to 7.0.21
- FortiSwitchManager 7.2.0 to 7.2.6, 7.0.0 to 7.0.5
The second vulnerability is also an SSO authentication bypass, but this time in FortiWeb. This stems from a similar bug with cryptographic signature validation of SAML messages. This one is tracked as CVE-2025-59719 and also has a severity score of 9.8/10 (critical).
Affected versions include:
- FortiWeb 8.0.0
- FortiWeb 7.6.0 to 7.5.4
- FortiWeb 7.4.0 to 7.4.9
Meanwhile, Arctic Wolf security researchers say cybercriminals began exploiting the bugs on December 12 and using them to download system configuration files. This allows them to expose network configurations, internet-connected devices, firewall settings, and possibly even hashed passwords.
To defend against such intrusions, Fortinet advises administrators running vulnerable versions to disable the FortiCloud login feature and upgrade to a patched version as soon as possible, meaning one of the following:
- FortiOS 7.6.4+, 7.4.9+, 7.2.12+ and 7.0.18+
- FortiProxy 7.6.4+, 7.4.11+, 7.2.15+, 7.0.22+
- FortiSwitchManager 7.2.7+, 7.0.6+
- FortiWeb 8.0.1+, 7.6.5+, 7.4.10+
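The practical question for an administrator is which devices in an inventory are still below the patched releases listed above. The following script is an added example, not Fortinet's or TechRadar's code: it transcribes the "upgrade to" list from this page into a table, parses version strings into comparable tuples, and reports each device as patched, needing an upgrade, or on a branch the advisory does not list (which must be checked against the vendor advisory rather than assumed safe). The inventory lines are constructed sample data.

```python
"""Triage Fortinet device versions against the patched releases quoted above.

Added example, not Fortinet's or TechRadar's code. PATCHED is transcribed
from the "upgrade to" guidance on this page; SAMPLE_INVENTORY is constructed
data, not a real device list.
"""
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Minimum fixed release per product and per major.minor branch,
# taken from the upgrade guidance quoted on this page.
PATCHED: Dict[str, List[Version]] = {
    "FortiOS": [(7, 6, 4), (7, 4, 9), (7, 2, 12), (7, 0, 18)],
    "FortiProxy": [(7, 6, 4), (7, 4, 11), (7, 2, 15), (7, 0, 22)],
    "FortiSwitchManager": [(7, 2, 7), (7, 0, 6)],
    "FortiWeb": [(8, 0, 1), (7, 6, 5), (7, 4, 10)],
}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def parse_version(text: str) -> Version:
    """Parse '7.4.8' or 'v7.4.8' into a (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def assess(product: str, version_text: str) -> str:
    """Return 'patched', 'upgrade', or 'unlisted-branch' for one device.

    'unlisted-branch' means the page gives no fixed release for that
    major.minor line, so the result must be confirmed against the vendor
    advisory instead of being treated as safe.
    """
    if product not in PATCHED:
        raise KeyError(f"product not covered by this advisory: {product}")
    version = parse_version(version_text)
    for fixed in PATCHED[product]:
        if version[:2] == fixed[:2]:
            return "patched" if version >= fixed else "upgrade"
    return "unlisted-branch"


# Constructed inventory in "hostname,product,version" form.
SAMPLE_INVENTORY = """\
fw-edge-01,FortiOS,7.4.8
fw-edge-02,FortiOS,7.6.4
proxy-dmz,FortiProxy,7.0.21
swm-core,FortiSwitchManager,7.2.7
waf-public,FortiWeb,8.0.0
fw-lab,FortiOS,6.4.15
"""


def triage(inventory: str) -> Dict[str, List[str]]:
    """Group hostnames by assessment so the 'upgrade' list can be actioned first."""
    groups: Dict[str, List[str]] = {"upgrade": [], "patched": [], "unlisted-branch": []}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, product, version = (field.strip() for field in line.split(","))
        groups[assess(product, version)].append(host)
    return groups


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:16s} {', '.join(hosts) or '-'}")
```

The check deliberately keys on the fixed release per branch rather than on the affected ranges, so any device below the fix on a listed branch is flagged for upgrade; a device on an unlisted branch is reported separately rather than silently passed.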