FortiOS/FortiWeb/FortiProxy/FortiSwitchManager FortiCloud SSO auth bypass patch release (CVE-2025-59718, CVE-2025-59719)
Security Patch Release
Summary
Fortinet patched FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager on December 9 for CVE-2025-59718 and CVE-2025-59719, critical flaws that can bypass FortiCloud SSO authentication through a maliciously crafted SAML message. The company said the vulnerable FortiCloud SSO login feature is not enabled by default on devices that are not FortiCare-registered, and administrators were told to disable FortiCloud SSO login until they can upgrade to a non-vulnerable version. The incident later moved into active exploitation, with attackers abusing the flaws against Fortinet devices that have FortiCloud SSO enabled to gain admin-level access to the web management interface and download system configuration files. Shadowserver said it found over 25,000 Fortinet devices exposed online with FortiCloud SSO enabled, and CISA added the issue to its catalog of actively exploited vulnerabilities with a December 23 patch deadline for U.S. government agencies.
Related Happenings
Fortinet security patch release for CVE-2026-44277
Security Patch Release
First: 12.05.2026 21:23
Last: 12.05.2026 21:23
Sources 1
About this happening:
Fortinet released **security updates** for **FortiSandbox** and **FortiAuthenticator** to fix **two critical vulnerabilities** that could let an **unauthenticated attacker** execu...
Fortinet FortiClient EMS emergency patch release (CVE-2026-35616, CVE-2026-21643)
Security Patch Release
First: 07.04.2026 12:26
Last: 07.04.2026 12:26
Sources 1
About this happening:
**Fortinet** released an **emergency hotfix** for **FortiClient Enterprise Management Server (EMS)** after confirming **active exploitation** of **CVE-2026-35616**, a critical fla...
FortiGate exposed management interface exploitation wave
Exploitation Wave
First: 21.02.2026 16:49
Last: 21.02.2026 16:49
Sources 1
About this happening:
**FortiGate** management interfaces were hit by an **automated exploitation wave** that abused **internet-exposed ports** and **commonly reused credentials** to compromise **600+...
Fortinet FortiClientEMS security update for CVE-2026-21643
Security Patch Release
First: 10.02.2026 06:38
Last: 10.02.2026 06:38
Sources 1
About this happening:
Fortinet released **security updates** for **FortiClientEMS** to fix **CVE-2026-21643**, a critical **SQL injection** flaw that could let an **unauthenticated attacker** execute a...
Fortinet security patch release for CVE-2026-24858
Security Patch Release
First: 28.01.2026 06:49
Last: 28.01.2026 06:49
Sources 1
About this happening:
**Fortinet** began releasing **security updates** for **CVE-2026-24858**, a critical **FortiOS** authentication-bypass flaw that also affects **FortiManager** and **FortiAnalyzer*...
Timeline
- 19.12.2025 17:00 · 1 article · 5mo ago
Active exploitation of FortiCloud SSO bypass targets Fortinet devices
Exploitation Observed: Attackers are actively exploiting CVE-2025-59718 and CVE-2025-59719 against Fortinet devices with FortiCloud SSO enabled, using maliciously crafted SAML messages to gain admin-level access to the web management interface and download system configuration files. Shadowserver counted more than 25,000 exposed Fortinet IPs with FortiCloud SSO fingerprints, and CISA added the flaw to its catalog of actively exploited vulnerabilities with a December 23 patch deadline for U.S. government agencies.
- Over 25,000 FortiCloud SSO devices exposed to remote attacks — www.bleepingcomputer.com — 19.12.2025 17:00
- 09.12.2025 20:36 · 2 articles · 5mo ago
Fortinet releases fixes for FortiCloud SSO bypass flaws
Initial Disclosure: Fortinet released security updates for FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager to fix CVE-2025-59718 and CVE-2025-59719, critical vulnerabilities that could let attackers bypass FortiCloud SSO authentication by sending a maliciously crafted SAML message. Fortinet said the FortiCloud SSO login feature is not enabled in default factory settings on non-FortiCare-registered devices, and advised administrators to disable FortiCloud SSO login until they can upgrade to a non-vulnerable version.
- Fortinet warns of critical FortiCloud SSO login auth bypass flaws — www.bleepingcomputer.com — 09.12.2025 20:36