Fortinet Addresses Critical Vulnerabilities Impacting Multiple Fortinet Products (CVE-2025-59718 & CVE-2025-59719)
Fortinet releases fixes to address two critical vulnerabilities affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. Tracked as CVE-2025-59718 and CVE-2025-59719, both vulnerabilities have a CVSS score of 9.1. Successful exploitation of the vulnerabilities could lead to improper access control.
An improper verification of cryptographic signatures vulnerability in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager may allow an unauthenticated attacker to bypass FortiCloud Single Sign-On (SSO) login authentication with a crafted SAML message, if this feature is enabled on the device.
It’s important to note that the FortiCloud SSO login feature is not enabled by default in the factory settings. However, when an administrator registers the device to FortiCare from the device’s GUI, unless the administrator disables the toggle switch “Allow administrative login using FortiCloud SSO” in the registration page, FortiCloud SSO login is enabled upon registration.
Affected and Patched Versions
| Version | Affected | Solution |
| FortiOS 7.6 | 7.6.0 through 7.6.3 | Upgrade to 7.6.4 or above |
| FortiOS 7.4 | 7.4.0 through 7.4.8 | Upgrade to 7.4.9 or above |
| FortiOS 7.2 | 7.2.0 through 7.2.11 | Upgrade to 7.2.12 or above |
| FortiOS 7.0 | 7.0.0 through 7.0.17 | Upgrade to 7.0.18 or above |
| FortiOS 6.4 | Not affected | Not Applicable |
| FortiProxy 7.6 | 7.6.0 through 7.6.3 | Upgrade to 7.6.4 or above |
| FortiProxy 7.4 | 7.4.0 through 7.4.10 | Upgrade to 7.4.11 or above |
| FortiProxy 7.2 | 7.2.0 through 7.2.14 | Upgrade to 7.2.15 or above |
| FortiProxy 7.0 | 7.0.0 through 7.0.21 | Upgrade to 7.0.22 or above |
| FortiSwitchManager 7.2 | 7.2.0 through 7.2.6 | Upgrade to 7.2.7 or above |
| FortiSwitchManager 7.0 | 7.0.0 through 7.0.5 | Upgrade to 7.0.6 or above |
| FortiWeb 8.0 | 8.0.0 | Upgrade to 8.0.1 or above |
| FortiWeb 7.6 | 7.6.0 through 7.6.4 | Upgrade to 7.6.5 or above |
| FortiWeb 7.4 | 7.4.0 through 7.4.9 | Upgrade to 7.4.10 or above |
| FortiWeb 7.2 | Not affected | Not Applicable |
| FortiWeb 7.0 | Not affected | Not Applicable |
Please refer to the FortiGuard Security Advisory (FG-IR-25-647) for more information.
Workaround
Users can temporarily disable the FortiCloud login feature (if enabled) until upgrading to a fixed version.
To turn off FortiCloud login, go to System -> Settings -> Switch “Allow administrative login using FortiCloud SSO” to Off. Or type the following command in the CLI:
config system global set admin-forticloud-sso-login disable end
Qualys Detection
Qualys customers can scan their devices with QIDs 44861 and 44862 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
Comments are closed.