Published on December 10, 2025

Multiple Fortinet Products’ FortiCloud SSO Login Authentication Bypass


Severity

Critical

Detail

CVE-2025-59718 and CVE-2025-59719, both rated 9.8 on the CVSS scale, stem from flaws in how cryptographic signatures are checked. These vulnerabilities affect FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager.

CVE Number: CVE-2025-59718, CVE-2025-59719

Description: An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiOS, FortiWeb, FortiProxy and FortiSwitchManager may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML message, if that feature is enabled on the device.

CVSS Score (Severity): 9.8 (Critical)

Fortinet says attackers could exploit these weaknesses by sending specially crafted SAML response messages, allowing them to bypass FortiCloud SSO authentication on affected devices.

Although this feature is off by default, it is commonly enabled as a side effect of registering the device with FortiCare: according to Fortinet, if an administrator registers the device through the GUI and does not untick the “Allow administrative login using FortiCloud SSO” option during registration, FortiCloud SSO is activated.

Affected Version

FortiOS

  • 7.6: Versions 7.6.0 – 7.6.3 → Upgrade to 7.6.4 or above
  • 7.4: Versions 7.4.0 – 7.4.8 → Upgrade to 7.4.9 or above
  • 7.2: Versions 7.2.0 – 7.2.11 → Upgrade to 7.2.12 or above
  • 7.0: Versions 7.0.0 – 7.0.17 → Upgrade to 7.0.18 or above
  • 6.4: Not affected

FortiProxy

  • 7.6: Versions 7.6.0 – 7.6.3 → Upgrade to 7.6.4 or above
  • 7.4: Versions 7.4.0 – 7.4.10 → Upgrade to 7.4.11 or above
  • 7.2: Versions 7.2.0 – 7.2.14 → Upgrade to 7.2.15 or above
  • 7.0: Versions 7.0.0 – 7.0.21 → Upgrade to 7.0.22 or above

FortiSwitchManager

  • 7.2: Versions 7.2.0 – 7.2.6 → Upgrade to 7.2.7 or above
  • 7.0: Versions 7.0.0 – 7.0.5 → Upgrade to 7.0.6 or above

FortiWeb

  • 8.0: Version 8.0.0 → Upgrade to 8.0.1 or above
  • 7.6: Versions 7.6.0 – 7.6.4 → Upgrade to 7.6.5 or above
  • 7.4: Versions 7.4.0 – 7.4.9 → Upgrade to 7.4.10 or above
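A small triage helper that encodes the affected ranges listed above, added here as an example and not Fortinet's code. It compares versions as integer tuples (string comparison gets "7.4.10" versus "7.4.9" wrong) and also accepts a banner line in the style of FortiOS "get system status" output; that banner line and the inventory entries are constructed samples, and the product names are whatever you use in your own inventory.

```python
import re
from typing import Dict, Optional, Tuple

# Affected ranges transcribed from the advisory tables above:
# (product, branch) -> (last affected version, first fixed version)
AFFECTED: Dict[Tuple[str, str], Tuple[str, str]] = {
    ("FortiOS", "7.6"): ("7.6.3", "7.6.4"),
    ("FortiOS", "7.4"): ("7.4.8", "7.4.9"),
    ("FortiOS", "7.2"): ("7.2.11", "7.2.12"),
    ("FortiOS", "7.0"): ("7.0.17", "7.0.18"),
    ("FortiProxy", "7.6"): ("7.6.3", "7.6.4"),
    ("FortiProxy", "7.4"): ("7.4.10", "7.4.11"),
    ("FortiProxy", "7.2"): ("7.2.14", "7.2.15"),
    ("FortiProxy", "7.0"): ("7.0.21", "7.0.22"),
    ("FortiSwitchManager", "7.2"): ("7.2.6", "7.2.7"),
    ("FortiSwitchManager", "7.0"): ("7.0.5", "7.0.6"),
    ("FortiWeb", "8.0"): ("8.0.0", "8.0.1"),
    ("FortiWeb", "7.6"): ("7.6.4", "7.6.5"),
    ("FortiWeb", "7.4"): ("7.4.9", "7.4.10"),
}

# Branches the advisory explicitly marks as not affected.
NOT_AFFECTED = {("FortiOS", "6.4")}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Extract (major, minor, patch) from "7.4.8" or from a banner line such as
    the constructed sample "Version: FortiGate-100F v7.4.8,build2795,250523 (GA.F)".
    Integer tuples order correctly; strings do not ("7.4.10" < "7.4.9" as text)."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def triage(product: str, version_text: str) -> Dict[str, Optional[str]]:
    """Return {"status": ..., "fix": ...} where status is one of:
    "affected"     - in a listed vulnerable range; "fix" names the release to move to
    "fixed"        - at or above the first fixed release of that branch
    "not_affected" - branch the advisory lists as unaffected
    "unlisted"     - branch absent from the advisory table; check the advisory
                     rather than assuming it is safe"""
    ver = parse_version(version_text)
    branch = f"{ver[0]}.{ver[1]}"
    if (product, branch) in NOT_AFFECTED:
        return {"status": "not_affected", "fix": None}
    entry = AFFECTED.get((product, branch))
    if entry is None:
        return {"status": "unlisted", "fix": None}
    last_bad, first_fixed = entry
    if ver <= parse_version(last_bad):
        return {"status": "affected", "fix": first_fixed}
    return {"status": "fixed", "fix": None}


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    inventory = [
        ("FortiOS", "Version: FortiGate-100F v7.4.8,build2795,250523 (GA.F)"),
        ("FortiProxy", "7.4.10"),
        ("FortiWeb", "8.0.1"),
        ("FortiOS", "6.4.15"),
    ]
    for product, ver in inventory:
        print(f"{product} {ver} -> {triage(product, ver)}")
```

Treat "unlisted" as a prompt to read the advisory, not as a clean result: the page only enumerates the branches Fortinet mentions, so a branch missing from the table (FortiWeb 7.2, for instance) is simply not covered by this helper.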

Recommendation

To protect systems against attacks exploiting these vulnerabilities, administrators are advised to disable the FortiCloud SSO login feature (if enabled) as a temporary workaround and to upgrade to a fixed version from the list above. Because registration through the GUI enables the option, verify its state on every registered device rather than assuming the default.
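An audit helper for the workaround, added here as an example and not Fortinet's code. It scans a FortiOS-style configuration backup for the FortiCloud SSO admin-login setting and emits the CLI block to disable it. The setting name "admin-forticloud-sso-login" under "config system global" is the FortiOS CLI option this example assumes corresponds to the GUI checkbox named above; the equivalent for FortiWeb, FortiProxy and FortiSwitchManager should be confirmed against the vendor advisory. The configuration snippets are constructed samples.

```python
import re
from typing import Optional

# CLI block this example assumes disables the feature on FortiOS; confirm the
# exact command for your product and release in the vendor advisory.
WORKAROUND_CLI = (
    "config system global\n"
    "    set admin-forticloud-sso-login disable\n"
    "end\n"
)

_SET_RE = re.compile(r"^set admin-forticloud-sso-login (enable|disable)$")


def forticloud_sso_login(config_text: str) -> Optional[bool]:
    """Find the FortiCloud SSO admin-login setting inside 'config system global'.
    Returns True if explicitly enabled, False if explicitly disabled, None if the
    line is absent (backups typically omit values still at their default; the
    advisory says the default is off, but a GUI registration flips it on, so a
    None result still deserves a look at the live device)."""
    depth = 0          # nesting depth of config ... end blocks
    in_global = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1 and line == "config system global":
                in_global = True
        elif line == "end":
            if depth == 1:
                in_global = False
            depth = max(depth - 1, 0)
        elif in_global and depth == 1:
            m = _SET_RE.match(line)
            if m:
                return m.group(1) == "enable"
    return None


def audit(config_text: str) -> dict:
    """Summarise exposure: only an explicit 'enable' is flagged, and the
    remediation CLI is attached so it can be dropped into a change ticket."""
    state = forticloud_sso_login(config_text)
    exposed = state is True
    return {"sso_login": state, "exposed": exposed,
            "action": WORKAROUND_CLI if exposed else None}


# Constructed sample backups, not taken from a real device.
SAMPLE_ENABLED = """\
#config-version=FGT100F-7.4.8-FW-build2795-250523:opmode=0:vdom=0:user=admin
config system global
    set admin-forticloud-sso-login enable
    set hostname "edge-fw-1"
end
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
end
"""

SAMPLE_DISABLED = SAMPLE_ENABLED.replace("sso-login enable", "sso-login disable")

SAMPLE_UNSET = "\n".join(
    l for l in SAMPLE_ENABLED.splitlines() if "admin-forticloud-sso-login" not in l
) + "\n"


if __name__ == "__main__":
    for name, cfg in (("enabled", SAMPLE_ENABLED),
                      ("disabled", SAMPLE_DISABLED),
                      ("unset", SAMPLE_UNSET)):
        result = audit(cfg)
        print(f"{name}: exposed={result['exposed']}")
        if result["action"]:
            print(result["action"])
```

Run it over backups pulled from every device in scope before and after the upgrade: the patch fixes the signature check, but it does not tell you which units still have the SSO login path exposed.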

Source

https://www.fortiguard.com/psirt/FG-IR-25-647

https://www.securityweek.com/fortinet-patches-critical-authentication-bypass-vulnerabilities