Ethical Hacking News
Fortinet has patched two critical authentication-bypass vulnerabilities that could potentially be exploited by sophisticated attackers. The patches address improper verification of cryptographic signature issues in various Fortinet products and are now available for download on the Fortinet website.
Fortinet has patched two critical authentication-bypass vulnerabilities in its products, including FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. The patches address improper verification of cryptographic signature issues and are available for download on the Fortinet website. The affected products include versions 7.67.6.0 through 7.6.3, 7.47.4.0 through 7.4.8, and 7.27.2.0 through 7.2.11 of FortiOS and FortProxy. Fortinet recommends disabling the FortiCloud SSO login feature as a temporary mitigation until upgrading to a non-affected version.
Fortinet has taken significant steps to bolster the security posture of its users by patching two critical authentication-bypass vulnerabilities that could potentially be exploited by sophisticated attackers. The patches, which are now available for download, address vulnerabilities in various Fortinet products, including FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager.
According to a recent advisory issued by Fortinet, the vulnerabilities, tracked as CVE-2025-59718 and CVE-2025-59719, are improper verification of cryptographic signature issues. This means that an attacker could potentially bypass authentication mechanisms using a crafted SAML message, if the feature is enabled. The vulnerability has been rated at CVSS score 9.1, indicating its potential severity.
The affected products include FortiOS versions 7.67.6.0 through 7.6.3, 7.47.4.0 through 7.4.8, and 7.27.2.0 through 7.2.11. In addition, FortProxy versions 7.67.6.0 through 7.6.3, 7.47.4.0 through 7.4.10, and 7.27.2.0 through 7.2.14 are also impacted. FortiSwitchManager versions 7.27.2.0 through 7.2.6 and 7.07.0.0 through 7.0.5 are also affected.
Fortunately, Fortinet has released patches for these vulnerabilities, which users can download to address the issues. According to the vendor, users should disable the FortiCloud SSO login feature until upgrading to a non-affected version as a temporary mitigation.
In addition to addressing the authentication-bypass vulnerabilities, Fortinet has also patched 16 other flaws in its products. The patches are now available for download on the Fortinet website.
The vulnerabilities were internally discovered and reported by Yonghui Han and Theo Leleu of Fortinet's Product Security team. It is unclear whether any of these vulnerabilities have been exploited in attacks in the wild at this time.
In light of this new information, users who rely on Fortinet products are advised to take immediate action to address the vulnerabilities. This includes disabling the FortiCloud SSO login feature and upgrading to a non-affected version as soon as possible. Users can download the patches from the Fortinet website and follow the vendor's instructions for installation.
Furthermore, it is essential to note that Fortinet has taken proactive steps to address these vulnerabilities. The company's commitment to security is evident in its swift response to these issues, which will undoubtedly provide users with peace of mind knowing that their systems are protected against sophisticated attacks.
Fortinet has patched two critical authentication-bypass vulnerabilities that could potentially be exploited by sophisticated attackers. The patches address improper verification of cryptographic signature issues in various Fortinet products and are now available for download on the Fortinet website.
Related Information:
https://www.ethicalhackingnews.com/articles/Fortinet-Patches-Critical-Authentication-Bypass-Vulnerabilities-to-Protect-Against-Sophisticated-Attacks-ehn.shtml
https://securityaffairs.com/185546/security/fortinet-fixed-two-critical-authentication-bypass-vulnerabilities.html
https://www.securityweek.com/fortinet-patches-critical-authentication-bypass-vulnerabilities/
https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-forticloud-sso-login-auth-bypass-flaws/
https://nvd.nist.gov/vuln/detail/CVE-2025-59718
https://www.cvedetails.com/cve/CVE-2025-59718/
https://nvd.nist.gov/vuln/detail/CVE-2025-59719
https://www.cvedetails.com/cve/CVE-2025-59719/
Published: Wed Dec 10 16:55:05 2025 by llama3.2 3B Q4_K_M
