Urgent Alert: ACSC Warns of Two Critical Fortinet Vulnerabilities


Urgent Alert: Vulnerabilities Found in Fortinet Products

The Australian Cyber Security Agency (ACSC) is issuing an urgent warning to organizations regarding critical vulnerabilities identified in several Fortinet products. These vulnerabilities, tracked as CVE-2025-59718 and CVE-2025-59719, could allow attackers to bypass existing authentication controls, putting sensitive network data at risk.

Understanding the Vulnerabilities

Both vulnerabilities stem from improper verification of cryptographic signatures. Specifically, CVE-2025-59718 affects Fortinet’s FortiOS, FortiProxy, and FortiSwitchManager, while CVE-2025-59719 impacts FortiWeb. Attackers could potentially bypass FortiCloud Single Sign-On (SSO) authentication by sending a specially crafted SAML response message.

As outlined in an advisory released on December 10, the ACSC emphasizes the importance of reviewing network configurations to ensure that no vulnerable Fortinet products are in use across your systems.

In light of these vulnerabilities, the ACSC suggests organizations undertake the following actions:

  • Asset Review: Conduct a thorough assessment of your network to identify any installations of the affected Fortinet products.
  • Consult Fortinet Advisory: Refer to the official Fortinet Advisory for detailed mitigation steps and patching guidance.
  • Disable FortiCloud Login: If the FortiCloud feature is enabled, consider disabling it temporarily until the necessary updates are applied.

Organizations are also encouraged to monitor for any signs of unauthorized access or potential compromise of their affected systems.

Details From Fortinet

Fortinet has provided additional insights regarding the vulnerabilities. It’s important to note that the FortiCloud SSO login feature is not enabled by default in factory settings. However, if an administrator registers a device to FortiCare and does not disable the option for administrative login via FortiCloud SSO during this process, the feature becomes active.

To mitigate the vulnerabilities, Fortinet recommends turning off the FortiCloud login feature if it has been enabled, at least until the device can be upgraded to a fixed version.

Affected Products and Versions

The following Fortinet products are affected by the vulnerabilities:

FortiOS

  • Versions 7.0.0 through 7.0.17
  • Versions 7.2.0 through 7.2.11
  • Versions 7.4.0 through 7.4.8
  • Versions 7.6.0 through 7.6.3

FortiProxy

  • Versions 7.0.0 through 7.0.21
  • Versions 7.2.0 through 7.2.14
  • Versions 7.4.0 through 7.4.10
  • Versions 7.6.0 through 7.6.3

FortiSwitchManager

  • Versions 7.0.0 through 7.0.5
  • Versions 7.2.0 through 7.2.6

FortiWeb

  • Versions 7.4.0 through 7.4.9
  • Versions 7.6.0 through 7.6.4
  • Version 8.0.0
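As an added worked example of the asset-review step (not code from the ACSC or Fortinet advisories), the script below checks an inventory of device versions against the affected ranges listed above and flags which hosts need patching or the FortiCloud login feature disabled. The inventory rows are constructed sample data; the hostnames are assumptions.

```python
# Added example: triage a device inventory against the affected version ranges
# transcribed from the advisory text above. Not Fortinet or ACSC code.

def parse_version(s):
    """Turn '7.4.8' or 'v7.4.8' into a comparable (major, minor, patch) tuple."""
    parts = s.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {s!r}")
    return tuple(int(p) for p in parts)

# Inclusive ranges as listed in the advisory text (CVE-2025-59718 for the first
# three products, CVE-2025-59719 for FortiWeb). "through" means the upper bound
# is itself affected.
AFFECTED = {
    "FortiOS": [("7.0.0", "7.0.17"), ("7.2.0", "7.2.11"), ("7.4.0", "7.4.8"), ("7.6.0", "7.6.3")],
    "FortiProxy": [("7.0.0", "7.0.21"), ("7.2.0", "7.2.14"), ("7.4.0", "7.4.10"), ("7.6.0", "7.6.3")],
    "FortiSwitchManager": [("7.0.0", "7.0.5"), ("7.2.0", "7.2.6")],
    "FortiWeb": [("7.4.0", "7.4.9"), ("7.6.0", "7.6.4"), ("8.0.0", "8.0.0")],
}

def is_affected(product, version):
    """True if the version lies inside any affected range for that product."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED.get(product, []))

def triage(inventory):
    """Return (host, product, version, action) for each affected inventory row.
    Each row is (hostname, product, version, forticloud_sso_enabled)."""
    findings = []
    for host, product, version, sso_enabled in inventory:
        if is_affected(product, version):
            # The bypass targets FortiCloud SSO login, so devices with it enabled
            # need the interim workaround immediately; all affected devices need the patch.
            action = ("disable FortiCloud login now; then upgrade" if sso_enabled
                      else "upgrade (FortiCloud login already off)")
            findings.append((host, product, version, action))
    return findings

# Constructed sample inventory, not real devices.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.4.8", True),
    ("fw-edge-02", "FortiOS", "7.4.9", True),
    ("proxy-01", "FortiProxy", "v7.2.14", False),
    ("waf-01", "FortiWeb", "8.0.0", True),
    ("waf-02", "FortiWeb", "8.0.1", True),
    ("fsm-01", "FortiSwitchManager", "7.2.7", False),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(*row, sep="\t")
```

Product names must match the advisory's spelling exactly; a product not in the table (for example a typo) is silently treated as unaffected, so validate the inventory's product field before trusting a clean result.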

Conclusion

With cyber threats only becoming more sophisticated, organizations utilizing Fortinet products should prioritize reviewing their systems for these vulnerabilities. Taking proactive measures can significantly enhance security and safeguard vital data from potential breaches. Be sure to stay informed about emerging vulnerabilities and continue educating your team on cybersecurity best practices. For complete details and updates, consult Fortinet’s advisory documentation.
