Fortinet products hit by further security flaws - giving hackers access to systems and more

News
By published

Two new Fortinet flaws are being actively abused in the wild

Password recovery concept image showing man typing on a keyboard with an overlay imitating password recovery and data recovery principles
(Image credit: Shutterstock)
  • Two critical SAML‑signature flaws (CVE‑2025‑59718/59719) let attackers bypass SSO across multiple Fortinet products
  • Exploitation began December 12, with intruders pulling config files that expose network layouts and hashed passwords
  • Fortinet urges disabling FortiCloud login and upgrading immediately to the patched versions listed

Two new critical vulnerabilities have been discovered in Fortinet products, and since they are being actively abused in the wild, both the company and security researchers are urging users to upgrade to the newest version as soon as possible.

In a newly released security advisory (via BleepingComputer), Fortinet said it discovered an SSO authentication bypass bug in FortiOS, FortiProxy, and FortiSwitchManager, caused by improper verification of cryptographic signatures in SAML messages.

As a result, a threat actor can submit a maliciously crafted SAML assertion and log in without proper credentials.

Disabling FortiCloud login

The bug is tracked as CVE-2025-59718, and was given a severity score of 9.8/10 (critical). It affects multiple versions of the products:

FortiOS 7.6.0 through 7.6.3,
7.4.0 through 7.4.8,
7.2.0 through 7.2.1,
7.0.0 through 7.0.17,
FortiProxy 7.6.0 through 7.6.3,
7.4.0 through 7.4.10,
7.2.0 through 7.2.14,
7.0.0 through 7.0.21
FortiSwitchManager 7.2.0 through 7.2.6,
7.0.0 through 7.0.5

The second vulnerability is also an SSO authentication bypass, but this time in FortiWeb. It stems from a similar bug with the cryptographic signature validation of SAML messages. This one is tracked as CVE-2025-59719 and also has a severity score of 9.8/10 (critical).

Affected versions include:

8.0.0
7.6.0 through 7.5.4,
7.4.0 through 7.4.9.

At the same time, security researchers Arctic Wolf are saying cybercriminals started exploiting the bugs on December 12 and using them to download system configuration files. That allows them to expose network layouts, internet-facing appliances, firewall settings, and possibly even hashed passwords.

To defend from such intrusions, Fortinet suggests admins running vulnerable versions disable the FortiCloud login feature, and upgrade to a cleaner version as soon as possible, including any of these:

FortiOS 7.6.4+, 7.4.9+, 7.2.12+, and 7.0.18+
FortiProxy 7.6.4+, 7.4.11+, 7.2.15+, 7.0.22+
FortiSwitchManager 7.2.7+, 7.0.6+
FortiWeb 8.0.1+, 7.6.5+, 7.4.10+

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.