THE CORTEX PROTOCOL
🏠Home🚨Threats🧠Insights📚Books
🚨 CRITICALintel

CVE-2025-59718 & CVE-2025-59719 - Fortinet FortiCloud SSO Auth Bypass

Category:Vulnerabilities & Exploits
Two critical Fortinet flaws (CVE-2025-59718 CVSS 9.6, CVE-2025-59719 CVSS 9.8) enable complete FortiCloud SSO authentication bypass. CVE-2025-59718 exploits improper session validation—attackers craft malicious requests to skip authentication. CVE-2025-59719 uses cryptographic weakness to forge valid tokens. Affects FortiOS 7.4.0-7.4.5, FortiWeb, FortiProxy, FortiSwitchManager when FortiCloud SSO enabled. SSO flaws cascade across entire Fortinet infrastructure. FortiCloud SSO disabled by default but auto-enables during FortiCare registration unless admin explicitly disables toggle. Fortinet recommends disabling FortiCloud login until patching. Internally discovered by Fortinet Product Security. No active exploitation confirmed yet. Patched December 10.

🎯CORTEX Protocol Intelligence Assessment

Business Impact: SSO authentication bypass affects entire Fortinet security stack—FortiOS firewalls, FortiWeb WAFs, FortiProxy secure gateways, FortiSwitchManager. Single compromise cascades to all connected products. Auto-enable during registration catches admins unaware—organizations may have SSO active without knowledge. Technical Context: CVE-2025-59718 and CVE-2025-59719 are improper cryptographic signature verification flaws in FortiCloud SSO SAML implementation (T1556.006 Modify Authentication Process: Multi-Factor Authentication). Attackers craft malicious SAML messages to bypass authentication entirely or forge valid tokens. Internally discovered, no exploitation yet, but CVSS 9.8 with authentication bypass means immediate patching critical.

Strategic Intelligence Guidance

  • Immediately inventory FortiOS, FortiWeb, FortiProxy and FortiSwitchManager instances, determine whether FortiCloud SSO is enabled, and upgrade to the vendor-recommended fixed versions on an emergency schedule.
  • Temporarily disable FortiCloud SSO login wherever feasible and restrict all management interfaces to dedicated admin networks or VPN-only access paths.
  • Implement strong authentication and role-based access control for all Fortinet administrative accounts, and enable alerting for unusual login locations, SSO flows, or privilege escalations.
  • Review firewall, WAF and proxy configurations for unauthorized changes and ensure that central logging and SIEM collection from Fortinet devices cannot be disabled without detection.

CVEs

CVE-2025-59718CVE-2025-59719

Vendors

FortinetFortiOSFortiWebFortiProxyFortiSwitchManager

Targets

Network firewallsWeb application firewallsSecure web proxiesNetwork switch managers

Tags

#cve-2025-59718#cve-2025-59719#fortinet#fortios#authentication-bypass#saml-security#perimeter-security
Intelligence Source: CVE-2025-59718 & CVE-2025-59719 - Fortinet FortiCloud SSO Auth Bypass | Dec 11, 2025
More stories in Critical Vulnerabilities