Critical Vulnerabilities in Multiple Fortinet Products

12 December 2025

Fortinet has released security updates to address critical vulnerabilities affecting its FortiOS, FortiWeb, FortiProxy and FortiSwitchManager products. Users and administrators of affected product versions are advised to update to the latest version immediately.

Background

Fortinet has released security updates to address two critical vulnerabilities (CVE-2025-59718 and CVE-2025-59719) affecting FortiOS, FortiProxy, FortiSwitchManager and FortiWeb. Both vulnerabilities have a CVSS v3.0 base score of 9.8 out of 10.

Impact

Successful exploitation of the vulnerabilities could lead to the following:

CVE-2025-59718: Improper verification of cryptographic signatures in Fortinet FortiOS, FortiProxy and FortiSwitchManager could allow an unauthenticated attacker to bypass FortiCloud SSO login authentication via a crafted SAML response message.

CVE-2025-59719: Improper verification of cryptographic signatures in Fortinet FortiWeb could allow an unauthenticated attacker to bypass FortiCloud SSO login authentication via a crafted SAML response message.

In both cases the attack path runs through the FortiCloud SSO administrative login, which is why disabling that feature is offered as a workaround: a device that does not accept FortiCloud SSO logins does not process the crafted SAML response.

Affected Products

The vulnerabilities affect the following product versions:

FortiOS
    7.0.0 through 7.0.17
    7.2.0 through 7.2.11
    7.4.0 through 7.4.8
    7.6.0 through 7.6.3

FortiProxy
    7.0.0 through 7.0.21
    7.2.0 through 7.2.14
    7.4.0 through 7.4.10
    7.6.0 through 7.6.3

FortiSwitchManager
    7.0.0 through 7.0.5
    7.2.0 through 7.2.6

FortiWeb
    7.4.0 through 7.4.9
    7.6.0 through 7.6.4
    8.0.0

Mitigation

Users and administrators of affected products are advised to update to the latest version immediately.
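As an added example (not part of the advisory and not Fortinet's own tooling), the following Python script encodes the affected version ranges listed above, checks a firmware version against them with proper numeric comparison (a string comparison would rank 7.4.10 below 7.4.8), and reads the "admin-forticloud-sso-login" setting from a device's "config system global" block to tell whether the workaround has been applied. The "Version: <model> v7.x.y,build..." line format of "get system status" and the sample configuration are constructed here, not captured from a real device, and the default value of an absent "admin-forticloud-sso-login" line is deliberately not assumed.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Affected version ranges (inclusive) as listed in the advisory for
# CVE-2025-59718 / CVE-2025-59719 (FG-IR-25-647).
AFFECTED_RANGES = {
    "FortiOS": [("7.0.0", "7.0.17"), ("7.2.0", "7.2.11"),
                ("7.4.0", "7.4.8"), ("7.6.0", "7.6.3")],
    "FortiProxy": [("7.0.0", "7.0.21"), ("7.2.0", "7.2.14"),
                   ("7.4.0", "7.4.10"), ("7.6.0", "7.6.3")],
    "FortiSwitchManager": [("7.0.0", "7.0.5"), ("7.2.0", "7.2.6")],
    "FortiWeb": [("7.4.0", "7.4.9"), ("7.6.0", "7.6.4"), ("8.0.0", "8.0.0")],
}


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch' (optional leading 'v') into a tuple of ints
    so that ranges compare numerically, not lexically."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def is_affected(product: str, version: str) -> bool:
    """True if this product build falls inside any affected range."""
    ranges = AFFECTED_RANGES.get(product)
    if ranges is None:
        raise KeyError(f"product not covered by this advisory: {product}")
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in ranges)


def version_from_status(status_output: str) -> str:
    """Extract the firmware version from 'get system status' output.
    Assumes (not verified here) a 'Version: <model> v7.x.y,build...' line."""
    m = re.search(r"^Version:.*?\bv(\d+\.\d+\.\d+)", status_output, re.M)
    if not m:
        raise ValueError("no Version line found")
    return m.group(1)


def forticloud_sso_login_state(config_text: str) -> Optional[bool]:
    """Return True/False if 'set admin-forticloud-sso-login enable|disable'
    appears inside 'config system global', or None if the line is absent.
    The default for an absent line is not assumed; feed this function the
    output of 'show full-configuration system global' so defaults are shown."""
    in_global = False
    for line in config_text.splitlines():
        s = line.strip()
        if s == "config system global":
            in_global = True
        elif in_global and s == "end":
            in_global = False
        elif in_global:
            m = re.fullmatch(r"set admin-forticloud-sso-login (enable|disable)", s)
            if m:
                return m.group(1) == "enable"
    return None


def assess(product: str, status_output: str, config_text: str) -> str:
    """Summarise exposure: an affected build with SSO login enabled is the
    exploitable combination; disabling the feature is the workaround."""
    version = version_from_status(status_output)
    if not is_affected(product, version):
        return "not-affected"
    sso = forticloud_sso_login_state(config_text)
    if sso is False:
        return "affected-workaround-applied"
    if sso is None:
        return "affected-sso-state-unknown"
    return "affected-exposed"


# Constructed sample output; not captured from a real device.
SAMPLE_STATUS = """Version: FortiGate-60F v7.4.8,build2795,250523 (GA.F)
Serial-Number: FGT60FXXXXXXXXXX
"""

SAMPLE_GLOBAL = """config system global
    set hostname "edge-fw-1"
    set admin-forticloud-sso-login enable
end
"""

if __name__ == "__main__":
    print(assess("FortiOS", SAMPLE_STATUS, SAMPLE_GLOBAL))
```

The assessment distinguishes "workaround applied" from "state unknown" on purpose: a plain "show" omits settings at their default value, so only an explicit "disable" line counts as evidence that the workaround is in place.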
Workaround

If patching is not immediately possible, administrators may temporarily turn off the FortiCloud login feature (if enabled) until they can upgrade to a fixed version. In the GUI, go to System -> Settings and switch "Allow administrative login using FortiCloud SSO" to Off. Alternatively, enter the following in the CLI:

    config system global
        set admin-forticloud-sso-login disable
    end

References

https://fortiguard.fortinet.com/psirt/FG-IR-25-647
https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/critical-vulnerabilities-in-multiple-fortinet-products-forticloud-sso-login-authentication-bypass
https://nvd.nist.gov/vuln/detail/CVE-2025-59718
https://nvd.nist.gov/vuln/detail/CVE-2025-59719
https://arcticwolf.com/resources/blog/cve-2025-59718-and-cve-2025-59719/