The flaws, tracked as CVE-2025-59718 and CVE-2025-59719, affect FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager and carry a critical CVSS v3 score of 9.1, allowing unauthenticated remote attackers to bypass authentication without user interaction.
| CVE ID | Affected Products | Severity | CVSS v3 Score | Impact | Vulnerability Type |
|---|---|---|---|---|---|
| CVE-2025-59718 | FortiOS, FortiWeb, FortiProxy, FortiSwitchManager | Critical | 9.1 | Improper Access Control – Authentication Bypass | Improper SAML Signature Verification |
| CVE-2025-59719 | FortiOS, FortiWeb, FortiProxy, FortiSwitchManager | Critical | 9.1 | Improper Access Control – Authentication Bypass | Improper SAML Signature Verification |
The security flaws stem from improper verification of cryptographic signatures in the affected products’ FortiCloud SSO login functionality.
The vulnerabilities enable unauthenticated attackers to execute remote attacks over the network without requiring any user interaction or privileges.
The attack surface is particularly concerning because administrators who registered devices via the GUI may have inadvertently enabled FortiCloud SSO, which is not enabled by default.
Multiple product versions remain vulnerable across Fortinet’s enterprise portfolio. FortiOS versions 7.0.0 through 7.0.17, 7.2.0 through 7.2.11, 7.4.0 through 7.4.8, and 7.6.0 through 7.6.3 are impacted.
FortiProxy is vulnerable from versions 7.0.0 through 7.0.21, 7.2.0 through 7.2.14, 7.4.0 through 7.4.10, and 7.6.0 through 7.6.3.
FortiWeb versions 7.4.0 through 7.4.9, 7.6.0 through 7.6.4, and 8.0.0 are also affected, along with FortiSwitchManager versions 7.0.0 through 7.0.5 and 7.2.0 through 7.2.6.
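Checking an inventory against the version ranges listed above is error-prone by hand (and a plain string comparison gets "7.4.10" versus "7.4.8" wrong). The following is an added example, not Fortinet's tooling or code from this article: it encodes the affected ranges exactly as the text states them and flags which devices fall inside one. The hostnames and build strings in the sample inventory are constructed.

```python
# Added example (not Fortinet's tooling): triage a device inventory against the
# affected version ranges stated in the article.  All ranges are inclusive.
from __future__ import annotations

# Inclusive affected ranges per product, transcribed from the article text.
AFFECTED: dict[str, list[tuple[str, str]]] = {
    "FortiOS": [("7.0.0", "7.0.17"), ("7.2.0", "7.2.11"),
                ("7.4.0", "7.4.8"), ("7.6.0", "7.6.3")],
    "FortiProxy": [("7.0.0", "7.0.21"), ("7.2.0", "7.2.14"),
                   ("7.4.0", "7.4.10"), ("7.6.0", "7.6.3")],
    "FortiWeb": [("7.4.0", "7.4.9"), ("7.6.0", "7.6.4"), ("8.0.0", "8.0.0")],
    "FortiSwitchManager": [("7.0.0", "7.0.5"), ("7.2.0", "7.2.6")],
}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn 'v7.4.10 build0000' into (7, 4, 10).

    Versions are compared as integer tuples: as strings, '7.4.10' sorts
    before '7.4.8', which would silently mark a vulnerable build as safe.
    """
    core = text.strip().lstrip("vV").split()[0]
    return tuple(int(part) for part in core.split("."))


def is_affected(product: str, version: str) -> bool:
    """True if `version` of `product` falls inside any affected range."""
    if product not in AFFECTED:
        raise ValueError(f"no advisory data for product {product!r}")
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED[product])


def triage(inventory: list[tuple[str, str, str]]) -> list[tuple[str, str, str, bool]]:
    """Annotate (host, product, version) rows with an affected flag, affected rows first."""
    rows = [(host, prod, ver, is_affected(prod, ver)) for host, prod, ver in inventory]
    return sorted(rows, key=lambda r: not r[3])


# Constructed sample inventory (hostnames and build strings are made up).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "v7.4.8 build0000"),
    ("fw-edge-02", "FortiOS", "7.4.9"),
    ("proxy-01", "FortiProxy", "7.4.10"),
    ("waf-01", "FortiWeb", "8.0.0"),
    ("fsm-01", "FortiSwitchManager", "7.2.7"),
]

if __name__ == "__main__":
    for host, prod, ver, hit in triage(SAMPLE_INVENTORY):
        status = "AFFECTED: disable FortiCloud SSO / upgrade" if hit else "not in affected range"
        print(f"{host:12} {prod:20} {ver:18} {status}")
```

A device outside the listed ranges is only "not in the ranges this article gives"; confirm against the vendor advisory before closing a ticket, and remember that the SSO login toggle matters independently of version.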
Organizations should immediately take action to mitigate these critical vulnerabilities.
The recommended mitigation is to disable FortiCloud SSO login by navigating to System Settings and toggling off “Allow administrative login using FortiCloud SSO,” or by executing the CLI command to disable the functionality.
Fortinet recommends upgrading to patched versions, including FortiOS 7.0.18, 7.2.12, 7.4.9, and 7.6.4 or later, for long-term protection.
The vulnerabilities were discovered internally by Fortinet Product Security team members Yonghui Han and Theo Leleu, and organizations should prioritize patching given the critical severity and ease of exploitation.
The post FortiOS, FortiWeb & FortiProxy Flaw Allows Attackers to Bypass FortiCloud SSO appeared first on Cyber Security News.