Overview

Fortinet has released security updates addressing two critical vulnerabilities that allow attackers to bypass FortiCloud Single Sign-On (SSO) authentication in multiple products. The flaws, tracked as CVE-2025-59718 and CVE-2025-59719, affect:

  • FortiOS
  • FortiProxy
  • FortiSwitchManager
  • FortiWeb

Technical Details

Attackers can exploit these vulnerabilities by sending maliciously crafted SAML messages, leveraging weaknesses in cryptographic signature verification. This could enable unauthorized administrative access when FortiCloud SSO is enabled.

Important Note:
FortiCloud SSO is disabled by default unless the device is registered to FortiCare and the option “Allow administrative login using FortiCloud SSO” remains enabled.
Affected Devices

  • Any FortiOS, FortiProxy, FortiSwitchManager, or FortiWeb instance with FortiCloud SSO login enabled.
  • Devices registered to FortiCare where the FortiCloud SSO login toggle has not been disabled.
Recommended Remediations

ctrl:cyber recommends applying the following remediations:

  1. Immediate Action:
    • Disable FortiCloud SSO login if enabled:
      • GUI: System → Settings → Toggle “Allow administrative login using FortiCloud SSO” to Off
      • CLI:
        config system global
        set admin-forticloud-sso-login disable
        end

  2. Update to Patched Versions:
    • Apply the latest Fortinet security updates for all affected products.
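To confirm the first remediation across a fleet without logging into every box, the exported configuration can be audited for the `admin-forticloud-sso-login` setting. The script below is an added example, not Fortinet tooling; it assumes exports keep the `config system global ... set <key> <value> ... end` layout shown above, and the three device configs are constructed samples.

```python
"""Audit FortiOS-style config exports for the FortiCloud SSO admin-login setting.

Added example (not Fortinet's own tooling). Assumes the export keeps the
`config system global` ... `set <key> <value>` ... `end` layout used in
the advisory's CLI remediation.
"""
import re
from typing import Optional

SSO_KEY = "admin-forticloud-sso-login"

# Constructed sample exports: one exposed, one remediated, one silent.
SAMPLE_CONFIGS = {
    "fw-branch-01": ('config system global\n    set hostname "fw-branch-01"\n'
                     f'    set {SSO_KEY} enable\nend\n'),
    "fw-dc-02": ('config system global\n    set hostname "fw-dc-02"\n'
                 f'    set {SSO_KEY} disable\nend\n'),
    "fw-lab-03": 'config system global\n    set hostname "fw-lab-03"\nend\n',
}


def global_section(config_text: str) -> Optional[str]:
    """Return the body of `config system global`, or None if the block is absent."""
    m = re.search(r"^\s*config system global\s*$(.*?)^\s*end\s*$",
                  config_text, re.MULTILINE | re.DOTALL)
    return m.group(1) if m else None


def sso_login_setting(config_text: str) -> str:
    """Return 'enable', 'disable' or 'unset' for admin-forticloud-sso-login."""
    body = global_section(config_text)
    if body is None:
        return "unset"
    m = re.search(rf"^\s*set {re.escape(SSO_KEY)}\s+(\S+)", body, re.MULTILINE)
    return m.group(1).strip('"') if m else "unset"


def audit(configs: dict) -> list:
    """Return (device, value, verdict) triples. 'unset' is not treated as safe:
    the advisory says the effective default depends on FortiCare registration."""
    verdicts = []
    for name, text in configs.items():
        value = sso_login_setting(text)
        if value == "enable":
            verdict = "EXPOSED: disable FortiCloud SSO login and patch"
        elif value == "disable":
            verdict = "ok: FortiCloud SSO login disabled"
        else:
            verdict = "verify: setting not explicit, check FortiCare registration"
        verdicts.append((name, value, verdict))
    return verdicts
```

Run `audit(SAMPLE_CONFIGS)` against real exports by loading each file's text into the dict; any device reported as EXPOSED should be disabled via the CLI above before patching.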

Additional Vulnerabilities Patched

  • CVE-2025-59808: Unverified password change flaw.
  • CVE-2025-64471: Authentication bypass using password hash.

Source: Fortinet warns of critical FortiCloud SSO login auth bypass flaws