Fortinet warns of critical vulnerabilities allowing authentication bypass via FortiCloud SSO


518/68 Thursday, December 11, 2025

Fortinet has issued a security advisory and released updates to patch two critical vulnerabilities, CVE-2025-59718 and CVE-2025-59719, affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. The flaws stem from improper verification of cryptographic signatures in SAML messages, allowing attackers to craft malicious SAML assertions to bypass authentication and gain administrative access through the FortiCloud SSO feature without needing valid credentials.

Although FortiCloud SSO is not enabled by default at the factory, it is automatically enabled when a device is registered with the FortiCare service, unless the administrator disables it manually. Fortinet also patched other high-risk vulnerabilities, including CVE-2025-59808, which allows attackers to reset a victim's account password without knowing the current one, and CVE-2025-64471, which enables pass-the-hash attacks by allowing authentication using hashed credentials instead of plaintext passwords.

Because Fortinet appliances are frequently targeted by state-sponsored threat actors and ransomware groups, who routinely exploit zero-day vulnerabilities, administrators are strongly urged to update to the latest firmware immediately. If an update cannot be applied yet, Fortinet recommends temporarily mitigating the risk by disabling the feature “Allow administrative login using FortiCloud SSO” in System → Settings or via the command line to reduce exposure to potential attacks.
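As an added example (not code from the article or from Fortinet), the script below audits a FortiOS configuration backup for the setting behind "Allow administrative login using FortiCloud SSO", so an administrator can find devices that still expose the feature while firmware updates are pending. It assumes the setting is exposed in the CLI as `set admin-forticloud-sso-login {enable | disable}` under `config system global`; the sample configuration is constructed for this example. Because FortiOS backups omit settings at their default value, and the effective default depends on FortiCare registration, an absent line is reported as "unset" rather than guessed.

```python
"""Audit a FortiOS config backup for the FortiCloud SSO admin-login setting.

Added example, not the article's or Fortinet's code. Assumes the CLI form:
    config system global
        set admin-forticloud-sso-login {enable | disable}
    end
"""
import re

# Constructed sample of a trimmed FortiOS configuration backup (not a real device).
SAMPLE_CONFIG = """\
config system global
    set admintimeout 5
    set alias "example-fgt"
    set admin-forticloud-sso-login enable
    set hostname "branch-fw-01"
end
config system interface
    edit "wan1"
        set mode dhcp
    next
end
"""

SETTING = "admin-forticloud-sso-login"  # assumed CLI attribute name


def find_global_block(config_text):
    """Return the stripped lines inside 'config system global' ... 'end' ([] if absent)."""
    block, inside = [], False
    for line in config_text.splitlines():
        s = line.strip()
        if s == "config system global":
            inside = True
            continue
        if inside and s == "end":
            break
        if inside:
            block.append(s)
    return block


def forticloud_sso_state(config_text):
    """Return 'enable', 'disable', or 'unset' for the FortiCloud SSO admin-login setting.

    'unset' means the line is absent from the backup: FortiOS omits settings at
    their default, and the effective default changes once the device is
    registered with FortiCare, so the state must be confirmed on the device.
    """
    pat = re.compile(rf"^set {re.escape(SETTING)} (enable|disable)$")
    for s in find_global_block(config_text):
        m = pat.match(s)
        if m:
            return m.group(1)
    return "unset"


def remediation_cli():
    """CLI lines that disable the feature (assumed attribute name, see above)."""
    return "config system global\n    set %s disable\nend" % SETTING


def audit(config_text):
    """Summarise exposure: enabled -> exposed; unset -> verify on device; disabled -> ok."""
    state = forticloud_sso_state(config_text)
    if state == "enable":
        return {"state": state, "exposed": True,
                "action": "Disable FortiCloud SSO admin login until patched:\n" + remediation_cli()}
    if state == "unset":
        return {"state": state, "exposed": None,
                "action": "Setting not in backup; check 'show system global' on the device"}
    return {"state": state, "exposed": False, "action": "No change needed"}


if __name__ == "__main__":
    result = audit(SAMPLE_CONFIG)
    print("state:", result["state"])
    print(result["action"])
```

Run it against a `show full-configuration` export or a backup file instead of the embedded sample to check a fleet; any device reporting "enable" should be disabled via the CLI above (or System → Settings) until the fixed firmware is installed, and "unset" results need confirmation on the device itself.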

Source: https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-forticloud-sso-login-auth-bypass-flaws/