On December 9, 2025, Fortinet released an advisory detailing two critical authentication bypass vulnerabilities affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. Designated CVE-2025-59718 and CVE-2025-59719, these vulnerabilities allow an unauthenticated threat actor to bypass FortiCloud SSO login authentication via a crafted SAML message if the feature is enabled on the device.
Fortinet states that FortiCloud SSO login is disabled by default in factory settings. However, when an administrator registers the device to FortiCare through the device’s GUI, FortiCloud SSO is enabled upon registration unless the administrator disables the “Allow administrative login using FortiCloud SSO” toggle on the registration page.
Historically, threat actors have targeted Fortinet products to gain initial access. Although the recent FortiCloud vulnerabilities have not been exploited in the wild and public proof-of-concept (PoC) exploit code is not available, threat actors will likely attempt to leverage these flaws to access organizations’ networks in the future.
Recommendations
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version of affected Fortinet products.
| Product | Affected Version | Fixed Version |
| --- | --- | --- |
| FortiOS 7.6 | 7.6.0 through 7.6.3 | 7.6.4 or above |
| FortiOS 7.4 | 7.4.0 through 7.4.8 | 7.4.9 or above |
| FortiOS 7.2 | 7.2.0 through 7.2.11 | 7.2.12 or above |
| FortiOS 7.0 | 7.0.0 through 7.0.17 | 7.0.18 or above |
| FortiProxy 7.6 | 7.6.0 through 7.6.3 | 7.6.4 or above |
| FortiProxy 7.4 | 7.4.0 through 7.4.10 | 7.4.11 or above |
| FortiProxy 7.2 | 7.2.0 through 7.2.14 | 7.2.15 or above |
| FortiProxy 7.0 | 7.0.0 through 7.0.21 | 7.0.22 or above |
| FortiSwitchManager 7.2 | 7.2.0 through 7.2.6 | 7.2.7 or above |
| FortiSwitchManager 7.0 | 7.0.0 through 7.0.5 | 7.0.6 or above |
| FortiWeb 8.0 | 8.0.0 | 8.0.1 or above |
| FortiWeb 7.6 | 7.6.0 through 7.6.4 | 7.6.5 or above |
| FortiWeb 7.4 | 7.4.0 through 7.4.9 | 7.4.10 or above |
Note: The following products are unaffected by the vulnerabilities: FortiOS 6.4, FortiWeb 7.0, and FortiWeb 7.2.
Workaround
Fortinet recommends turning off the FortiCloud login feature (if enabled) temporarily until upgrading to a non-affected version.
To turn off FortiCloud login in the GUI, go to System -> Settings and switch “Allow administrative login using FortiCloud SSO” to Off.
Or enter the following commands in the CLI:
```
config system global
    set admin-forticloud-sso-login disable
end
```
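The following Python script is an added example (not Fortinet's or Arctic Wolf's code) that turns the advisory's two checks into something a defender can run over a fleet offline: it compares a device's product and firmware version against the affected/fixed ranges in the table above, and scans an exported configuration for the `admin-forticloud-sso-login` setting inside the `config system global` stanza. It assumes the exported configuration uses the `config ... / set ... / end` syntax shown in the CLI workaround, that `config system global` contains no nested sub-tables, and that an absent setting means the factory default, which the advisory states is disabled. The sample configuration is constructed for illustration.

```python
"""Assess a Fortinet device against CVE-2025-59718 / CVE-2025-59719.

Added example, not vendor code. Affected/fixed ranges are copied from the
advisory table; product branches not listed there (FortiOS 6.4, FortiWeb 7.0
and 7.2) are treated as unaffected, as the advisory states.
"""
import re

# (product, major.minor branch) -> (first affected version, first fixed version)
AFFECTED = {
    ("FortiOS", "7.6"): ("7.6.0", "7.6.4"),
    ("FortiOS", "7.4"): ("7.4.0", "7.4.9"),
    ("FortiOS", "7.2"): ("7.2.0", "7.2.12"),
    ("FortiOS", "7.0"): ("7.0.0", "7.0.18"),
    ("FortiProxy", "7.6"): ("7.6.0", "7.6.4"),
    ("FortiProxy", "7.4"): ("7.4.0", "7.4.11"),
    ("FortiProxy", "7.2"): ("7.2.0", "7.2.15"),
    ("FortiProxy", "7.0"): ("7.0.0", "7.0.22"),
    ("FortiSwitchManager", "7.2"): ("7.2.0", "7.2.7"),
    ("FortiSwitchManager", "7.0"): ("7.0.0", "7.0.6"),
    ("FortiWeb", "8.0"): ("8.0.0", "8.0.1"),
    ("FortiWeb", "7.6"): ("7.6.0", "7.6.5"),
    ("FortiWeb", "7.4"): ("7.4.0", "7.4.10"),
}

# Constructed sample of an exported configuration (not from a real device).
SAMPLE_CONFIG = """\
config system global
    set hostname "fw-edge-01"
    set admin-forticloud-sso-login enable
    set timezone "US/Pacific"
end
config system interface
    edit "port1"
        set ip 192.0.2.1 255.255.255.0
    next
end
"""


def parse_version(version: str) -> tuple:
    """Turn '7.4.8' into (7, 4, 8) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in version.split("."))


def is_affected_version(product: str, version: str) -> bool:
    """True if version lies in [first affected, first fixed) for that product branch.
    Branches missing from the table (e.g. FortiOS 6.4) return False; if Fortinet
    adds new branches to the advisory, the table above must be updated."""
    branch = ".".join(version.split(".")[:2])
    rng = AFFECTED.get((product, branch))
    if rng is None:
        return False
    first, fixed = rng
    return parse_version(first) <= parse_version(version) < parse_version(fixed)


def forticloud_sso_enabled(config_text: str):
    """Look for admin-forticloud-sso-login inside the 'config system global' stanza.
    Returns True if set to enable, False if set to disable, None if absent
    (assumption: absent means factory default, which the advisory says is disabled).
    Assumes 'config system global' has no nested sub-tables, so the first 'end'
    closes the stanza."""
    in_global = False
    for line in config_text.splitlines():
        stripped = line.strip()
        if stripped == "config system global":
            in_global = True
            continue
        if in_global and stripped == "end":
            break
        if in_global:
            match = re.match(r"set admin-forticloud-sso-login (enable|disable)$", stripped)
            if match:
                return match.group(1) == "enable"
    return None


def assess(product: str, version: str, config_text: str) -> str:
    """Combine the version check and the SSO-setting check into one verdict."""
    if not is_affected_version(product, version):
        return "not-affected-version"
    sso = forticloud_sso_enabled(config_text)
    if sso:
        return "exposed: disable admin-forticloud-sso-login now, then upgrade"
    if sso is None:
        return "affected version, SSO at default (disabled): upgrade"
    return "affected version, SSO explicitly disabled: upgrade"


if __name__ == "__main__":
    for product, version in [("FortiOS", "7.4.8"), ("FortiOS", "7.4.9"), ("FortiWeb", "7.2.3")]:
        print(product, version, "->", assess(product, version, SAMPLE_CONFIG))
```

Point `assess()` at the output of a configuration backup per device; a device that reports "exposed" should have the workaround applied before the upgrade window, since the SSO login is the path the crafted SAML message abuses.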