
Fortinet CVE-2025-59718 mitigation guidance

Advisory/Mitigation
Happening score: 59
2 unique sources, 3 articles

Summary


Fortinet told customers to immediately harden FortiCloud SSO exposure for CVE-2025-59718, because attackers are still abusing the flaw against fully patched firewalls. The guidance tells admins to restrict Internet-facing administrative access with a local-in policy and to disable FortiCloud SSO until the issue is fully remediated. Fortinet also said that if the listed indicators appear, affected operators should treat devices as compromised, rotate credentials, and restore a known clean configuration.

Related Happenings

Fortinet security patch release for CVE-2026-44277

Security Patch Release
First: 12.05.2026 21:23 Last: 12.05.2026 21:23 Sources 1

About this happening: Fortinet released **security updates** for **FortiSandbox** and **FortiAuthenticator** to fix **two critical vulnerabilities** that could let an **unauthenticated attacker** execu...

Fortinet FortiClient EMS emergency patch release (CVE-2026-35616, CVE-2026-21643)

Security Patch Release
First: 07.04.2026 12:26 Last: 07.04.2026 12:26 Sources 1

About this happening: **Fortinet** released an **emergency hotfix** for **FortiClient Enterprise Management Server (EMS)** after confirming **active exploitation** of **CVE-2026-35616**, a critical fla...

CISA KEV listing and FCEB patch order for CVE-2026-35616

Public Sector Action
First: 06.04.2026 19:02 Last: 06.04.2026 19:02 Sources 1

About this happening: **CISA** added **CVE-2026-35616** to the **KEV Catalog** and ordered **FCEB agencies** to patch **FortiClient EMS** by **Thursday midnight, April 9**. The mandate matters because...

FortiClient EMS improper access control flaw (CVE-2026-35616)

Vulnerability
First: 05.04.2026 21:45 Last: 05.04.2026 21:45 Sources 1

About this happening: **CVE-2026-35616** is being **actively exploited** against **FortiClient Enterprise Management Server (EMS)**, putting exposed **7.4.5 and 7.4.6** deployments at risk of remote co...

Fortinet FortiClient EMS actively exploited SQL injection flaw (CVE-2026-21643)

Vulnerability
First: 30.03.2026 10:48 Last: 30.03.2026 10:48 Sources 1

About this happening: Active exploitation of **CVE-2026-21643** is putting **Fortinet FortiClient EMS** deployments at risk of **unauthenticated arbitrary code or command execution** on unpatched syste...

Timeline

  1. 23.01.2026 12:39 1 article · 4mo ago

    FortiCloud SSO bypass exploitation begins

    Exploitation Observed

    Attackers began exploiting CVE-2025-59718 against fully patched Fortinet firewalls, creating VPN-capable accounts and stealing firewall configurations within seconds, which points to likely automated abuse of a FortiCloud SSO authentication bypass.

  2. 23.01.2026 12:39 4 articles · 4mo ago

    Fortinet issues CVE-2025-59718 hardening guidance

    Mitigation Patch Update

    Fortinet said fully upgraded devices were affected by a new attack path tied to CVE-2025-59718, confirmed it is working on a fix, and told customers to restrict Internet-facing administrative access with a local-in policy, disable the FortiCloud SSO login option, and treat exposed systems and configurations as compromised if the listed indicators appear.
