- Two critical SAML signing vulnerabilities (CVE-2025-59718/59719) allow attackers to bypass SSO in multiple Fortinet products.
- The exploit began on December 12, when attackers obtained configuration files that revealed network settings and encrypted passwords.
- Fortinet strongly recommends that you disable the FortiCloud connection and immediately upgrade to the patched versions listed.
Two new critical vulnerabilities have been discovered in Fortinet products, and because they are being actively exploited, the company and security researchers are urging users to update to the latest version as soon as possible.
In a recently published security advisory (Upstairs BeepTeam), Fortinet says it has discovered an SSO authentication bypass vulnerability in FortiOS, FortiProxy and FortiSwitchManager, caused by incorrect verification of cryptographic signatures in SAML messages.
As a result, an attacker can submit a malicious SAML certificate and log in without the correct credentials.
Disable the FortiCloud connection
The bug is tracked as CVE-2025-59718 and received a severity rating of 9.8/10 (Critical). It affects the following product versions:
- FortiOS 7.6.0 to 7.6.3
- FortiOS 7.4.0 to 7.4.8
- FortiOS 7.2.0 to 7.2.1
- FortiOS 7.0.0 to 7.0.17
- FortiProxy 7.6.0 to 7.6.3
- FortiProxy 7.4.0 to 7.4.10
- FortiProxy 7.2.0 to 7.2.14
- FortiProxy 7.0.0 to 7.0.21
- FortiSwitchManager 7.2.0 to 7.2.6
- FortiSwitchManager 7.0.0 to 7.0.5
The second vulnerability is also an SSO authentication bypass, but this time in FortiWeb. This is due to a similar bug when validating cryptographic signatures for SAML messages. This issue is listed as CVE-2025-59719 and also has a severity rating of 9.8/10 (Critical).
Affected versions include:
- FortiWeb 8.0.0
- FortiWeb 7.6.0 to 7.5.4
- FortiWeb 7.4.0 to 7.4.9
Meanwhile, security researchers at Arctic Wolf say cybercriminals began exploiting the flaws on December 12, using them to download system configuration files. Those files can reveal network settings, internet-connected devices, firewall settings and possibly even hashed passwords.
To protect against such breaches, Fortinet recommends that administrators running vulnerable versions disable the FortiCloud login feature and upgrade to a patched version as soon as possible, meaning any of the following:
- FortiOS 7.6.4+, 7.4.9+, 7.2.12+ and 7.0.18+
- FortiProxy 7.6.4+, 7.4.11+, 7.2.15+ and 7.0.22+
- FortiSwitchManager 7.2.7+ and 7.0.6+
- FortiWeb 8.0.1+, 7.6.5+ and 7.4.10+
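A quick way to turn the patched-release list above into a triage check for an asset inventory, written here as an added example (it is not Fortinet's code and not part of the original article). The fixed versions are the ones the advisory lists; the assumption, labelled in the code, is that any release of a listed branch older than that branch's first patched release is treated as unpatched, and branches the advisory does not mention are reported as unknown rather than guessed. The host names and versions in the sample inventory are constructed.

```python
"""Triage Fortinet product releases against the patched versions listed for
CVE-2025-59718 / CVE-2025-59719.

Assumption (not stated on the page): a release in a listed branch that is
older than the branch's first patched release is treated as unpatched.
Branches that are not listed yield "unknown" instead of a guess.
"""
from typing import List, Optional, Tuple

# First patched release per product and branch, exactly as listed in the advisory.
FIXED_VERSIONS = {
    "FortiOS":            ["7.6.4", "7.4.9", "7.2.12", "7.0.18"],
    "FortiProxy":         ["7.6.4", "7.4.11", "7.2.15", "7.0.22"],
    "FortiSwitchManager": ["7.2.7", "7.0.6"],
    "FortiWeb":           ["8.0.1", "7.6.5", "7.4.10"],
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '7.4.10' into (7, 4, 10) so releases compare numerically, not as strings."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def first_fixed(product: str, version: str) -> Optional[str]:
    """Return the first patched release in the same major.minor branch, or None if unlisted."""
    major, minor, _ = parse_version(version)
    for fixed in FIXED_VERSIONS.get(product, []):
        f_major, f_minor, _ = parse_version(fixed)
        if (f_major, f_minor) == (major, minor):
            return fixed
    return None


def assess(product: str, version: str) -> str:
    """Classify a release as 'vulnerable', 'patched' or 'unknown'."""
    fixed = first_fixed(product, version)
    if fixed is None:
        return "unknown"  # branch not covered by the advisory; verify manually
    return "patched" if parse_version(version) >= parse_version(fixed) else "vulnerable"


# Constructed sample inventory (hypothetical hosts), e.g. exported from an asset list.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.4.8"),
    ("fw-edge-02", "FortiOS", "7.4.9"),
    ("proxy-01", "FortiProxy", "7.2.14"),
    ("waf-01", "FortiWeb", "8.0.0"),
    ("waf-02", "FortiWeb", "7.6.5"),
    ("sw-mgr-01", "FortiSwitchManager", "6.4.2"),
]


def triage(inventory) -> List[Tuple[str, str, str, str]]:
    """Attach a status to every (host, product, version) row of the inventory."""
    return [(host, product, version, assess(product, version))
            for host, product, version in inventory]


if __name__ == "__main__":
    for host, product, version, status in triage(SAMPLE_INVENTORY):
        print(f"{host:12} {product:20} {version:8} {status}")
```

Rows reported as vulnerable are the ones the advisory says should have FortiCloud login disabled until they are upgraded; an unknown row only means the branch is not in the list above, so it still needs a manual look.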
