Listen to this Post

Introduction
Fortinet has recently disclosed a set of 18 security vulnerabilities affecting multiple products, including FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. Among these, two critical authentication-bypass flaws, CVE-2025-59718 and CVE-2025-59719, have garnered particular attention due to their high CVSS score of 9.1. These vulnerabilities exploit improper cryptographic signature verification, potentially allowing unauthenticated attackers to bypass FortiCloud SSO login if the feature is enabled. While FortiCloud SSO is disabled by default, it can be activated automatically during FortiCare registration, increasing exposure risks for organizations that have not manually disabled the feature.
Vulnerabilities and Impact
The critical flaws involve improper signature-verification mechanisms in Fortinet devices. Specifically, FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager are vulnerable when FortiCloud SSO is enabled. Attackers can exploit these flaws by sending crafted SAML messages to bypass authentication, gaining unauthorized administrative access. Although FortiCloud SSO is off in default factory settings, it activates automatically during device registration with FortiCare unless administrators explicitly disable it.
Fortinet recommends disabling FortiCloud SSO as a temporary mitigation until affected systems are updated to fixed versions. The advisory highlights impacted versions and their corresponding upgrade paths:
FortiOS: Versions 7.0.0–7.6.3 affected; upgrades range from 7.0.18 to 7.6.4 or above depending on the branch.
FortiProxy: Versions 7.0.0–7.6.3 affected; updates available from 7.0.22 to 7.6.4.
FortiSwitchManager: Versions 7.0.0–7.2.6 affected; upgrade paths to 7.0.6 or 7.2.7.
FortiWeb: Versions 7.4.0–8.0.0 affected; fixes range from 7.4.10 to 8.0.1.
Some older versions, such as FortiOS 6.4 and FortiWeb 7.0/7.2, are not affected.
The vulnerabilities were internally discovered and responsibly reported by Fortinet’s product security team members Yonghui Han and Theo Leleu. Currently, there is no evidence that these flaws have been exploited in the wild.
What Undercode Say:
These vulnerabilities highlight a recurring challenge in enterprise cybersecurity: balancing usability features like SSO with security controls. FortiCloud SSO, designed to streamline authentication, becomes a liability when signature-verification flaws exist. Attackers exploiting SAML-based flaws can bypass administrative access without any credentials, a highly attractive vector for ransomware or data exfiltration campaigns.
The automatic activation of FortiCloud SSO during FortiCare registration introduces a subtle but dangerous exposure, often overlooked by IT teams. Organizations assuming default settings are safe may be unknowingly exposed. This incident underscores the importance of proactive vulnerability management and rigorous auditing of optional security features, particularly those that interact with cloud services.
The CVSS score of 9.1 reflects the severity: it allows unauthenticated access to critical administrative functions, potentially compromising entire networks. The affected product range, including FortiOS, FortiProxy, FortiSwitchManager, and FortiWeb, indicates that both network infrastructure and web application security layers are at risk. The fact that the vulnerabilities were discovered internally suggests strong internal security protocols at Fortinet but also emphasizes that even widely used enterprise solutions are not immune to logic or verification flaws.
Temporary mitigations, like disabling FortiCloud SSO, are critical until patch deployment, but they introduce operational trade-offs. Administrators must weigh the convenience of cloud-based authentication against potential security breaches. This incident also serves as a reminder of the importance of keeping systems updated with the latest vendor patches—delays can turn minor vulnerabilities into gateways for large-scale attacks.
Furthermore, organizations should integrate automated monitoring and threat detection for unusual login patterns, especially from SSO mechanisms. The combination of timely patching, feature auditing, and anomaly detection forms a multi-layered defense against sophisticated attackers. Fortinet’s transparency in releasing advisories is commendable, yet enterprise teams must translate this information into actionable security measures immediately.
Fact Checker Results:
✅ Fortinet reported 18 vulnerabilities, including two critical authentication-bypass flaws.
✅ The FortiCloud SSO feature is disabled by default but can activate automatically during FortiCare registration.
❌ No confirmed exploitation in the wild has been reported at this time.
Prediction:
📊 The FortiCloud SSO authentication-bypass vulnerabilities are likely to attract increased attention from threat actors, particularly those targeting enterprise networks. Organizations with automated FortiCare registration may experience heightened risk if patches are delayed. Over the next year, widespread patch adoption and feature audits are expected, with attackers shifting focus to unpatched legacy versions of Fortinet products. Enterprise cybersecurity policies will increasingly prioritize auditing optional authentication features to prevent similar exposures.
🕵️📝✔️Let’s dive deep and fact‑check.
References:
Reported By: securityaffairs.com
Extra Source Hub (Possible Sources for article):
https://www.medium.com
Wikipedia
OpenAi & Undercode AI
Image Source:
Unsplash
Undercode AI DI v2
Bing
🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]
📢 Follow UndercodeNews & Stay Tuned:
𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon




