Alert: Fortinet Security Updates – December 2025

Fortinet has released security updates addressing two critical authentication bypass vulnerabilities, tracked as CVE-2025-59718 and CVE-2025-59719, affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager when FortiCloud SSO is enabled. Both vulnerabilities stem from improper verification of cryptographic signatures: an unauthenticated attacker can submit crafted SAML messages that the affected product accepts as valid, bypassing FortiCloud SSO authentication and gaining access to the device. Devices on affected versions with FortiCloud SSO disabled are not exposed to this attack path.
 
Affected Systems:
 
The affected systems and versions include, but are not limited to:
  • FortiOS: 7.6.0 - 7.6.3, 7.4.0 - 7.4.8, 7.2.0 - 7.2.11, 7.0.0 - 7.0.17.
  • FortiSwitchManager: 7.0.0 - 7.0.5, 7.2.0 - 7.2.6.
  • FortiProxy: 7.6.0 - 7.6.3, 7.4.0 - 7.4.10, 7.2.0 - 7.2.14, 7.0.0 - 7.0.21.
  • FortiWeb: 7.4.0 - 7.4.9, 7.6.0 - 7.6.4, 8.0.0.
 
Security Risks
 
Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to gain access to and control of affected systems without valid credentials.
 
For a complete list of the security patches released by Fortinet, please refer to the official Fortinet security advisory.
 
Recommended Actions
 
The National Cyber Security Authority (NCSA) strongly recommends that system administrators:
  • Follow the Fortinet Security Advisory to lower the risk of exploitation and protect affected systems.
  • Apply the latest security updates as soon as possible. Where patching cannot be done immediately, disable FortiCloud SSO (Single Sign-On) as an interim mitigation, and re-enable it only after the device is running a fixed version.
  • Confirm the running version on each device after the upgrade and review administrator login records for unexpected SSO logins prior to patching.
The released software versions for upgrade include, but are not limited to:
  • FortiOS: Upgrade to 7.6.4 or above, 7.4.9 or above, 7.2.12 or above, 7.0.18 or above.
  • FortiSwitchManager: Upgrade to 7.2.7 or above, 7.0.6 or above.
  • FortiProxy: Upgrade to 7.6.4 or above, 7.4.11 or above, 7.2.15 or above, 7.0.22 or above.
  • FortiWeb: Upgrade to 7.4.10 or above, 7.6.5 or above, 8.0.1 or above.
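To turn the version lists above into a repeatable check, the following script is an added example (not code from NCSA, Rw-CSIRT or Fortinet) that triages a device inventory against the affected ranges and fixed versions stated in this alert. The inventory rows, hostnames and the `triage` function are constructed for illustration; the affected and fixed versions are transcribed from the alert. It compares versions numerically, which matters because a string comparison would rank "7.4.10" below "7.4.9".

```python
"""Added example, not part of the NCSA/Rw-CSIRT alert or Fortinet tooling:
triage a device inventory against the affected/fixed version ranges listed
in the alert for CVE-2025-59718 / CVE-2025-59719."""
from dataclasses import dataclass
from typing import Optional

# Affected ranges and fixed versions per product, transcribed from the alert.
# Each tuple: (first affected inclusive, last affected inclusive, first fixed).
AFFECTED = {
    "FortiOS": [
        ("7.6.0", "7.6.3", "7.6.4"),
        ("7.4.0", "7.4.8", "7.4.9"),
        ("7.2.0", "7.2.11", "7.2.12"),
        ("7.0.0", "7.0.17", "7.0.18"),
    ],
    "FortiSwitchManager": [
        ("7.2.0", "7.2.6", "7.2.7"),
        ("7.0.0", "7.0.5", "7.0.6"),
    ],
    "FortiProxy": [
        ("7.6.0", "7.6.3", "7.6.4"),
        ("7.4.0", "7.4.10", "7.4.11"),
        ("7.2.0", "7.2.14", "7.2.15"),
        ("7.0.0", "7.0.21", "7.0.22"),
    ],
    "FortiWeb": [
        ("8.0.0", "8.0.0", "8.0.1"),
        ("7.6.0", "7.6.4", "7.6.5"),
        ("7.4.0", "7.4.9", "7.4.10"),
    ],
}


def parse_version(v: str) -> tuple:
    """Numeric tuple so that 7.4.10 sorts after 7.4.9 (string compare gets this wrong)."""
    return tuple(int(p) for p in v.strip().split("."))


@dataclass
class Finding:
    host: str
    product: str
    version: str
    status: str                 # "vulnerable", "mitigated", "patched" or "unlisted"
    upgrade_to: Optional[str]   # first fixed build on the device's branch, if any


def triage(host: str, product: str, version: str, forticloud_sso_enabled: bool) -> Finding:
    """Classify one device (hypothetical helper). 'mitigated' is an affected build
    with FortiCloud SSO off: the alert's interim mitigation, still needing the upgrade."""
    ver = parse_version(version)
    for low, high, fixed in AFFECTED.get(product, []):
        if parse_version(low) <= ver <= parse_version(high):
            status = "vulnerable" if forticloud_sso_enabled else "mitigated"
            return Finding(host, product, version, status, fixed)
    # On a fixed build if the version is at or above the fix on the same major.minor branch.
    for _, _, fixed in AFFECTED.get(product, []):
        fixed_v = parse_version(fixed)
        if ver[:2] == fixed_v[:2] and ver >= fixed_v:
            return Finding(host, product, version, "patched", None)
    # The alert says its lists are not exhaustive: treat anything else as a prompt
    # to check Fortinet's advisory rather than as confirmed safe.
    return Finding(host, product, version, "unlisted", None)


# Constructed sample inventory (host, product, version, FortiCloud SSO enabled); not real hosts.
INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.4.8", True),
    ("fw-edge-02", "FortiOS", "7.4.10", True),
    ("proxy-01", "FortiProxy", "7.2.14", False),
    ("waf-01", "FortiWeb", "8.0.0", True),
    ("fsm-01", "FortiSwitchManager", "7.2.7", True),
    ("fw-lab", "FortiOS", "6.4.15", True),
]


def triage_inventory(inventory=INVENTORY) -> list:
    return [triage(*row) for row in inventory]


if __name__ == "__main__":
    for f in triage_inventory():
        action = f"upgrade to {f.upgrade_to} or above" if f.upgrade_to else "not covered by this alert"
        print(f"{f.host:12} {f.product:18} {f.version:8} {f.status:10} {action}")
```

A device reported as "mitigated" should still be scheduled for the upgrade; disabling FortiCloud SSO only closes the attack path described here, and "unlisted" is not a clean bill of health but a cue to consult the Fortinet advisory for that branch.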
 

For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us at 9009.

 
18 December 2025

© 2025 National Cyber Security Authority