POSTING DATE: 2025/12/17

[VULNERABILITY ALERT] Fortinet Releases Critical Security Advisories for Multiple Products (CVE-2025-59718) (CVE-2025-59719)

  • Content Description:
    • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center Security Alert TWCERTCC-200-202512-00000003
    • [CVE-2025-59718, CVSS: 9.8] An authentication bypass vulnerability exists in FortiOS, FortiProxy, and FortiSwitchManager. An unauthenticated attacker could use specially crafted SAML messages to bypass FortiCloud SSO authentication mechanisms.
    • [CVE-2025-59719, CVSS: 9.8] An authentication bypass vulnerability exists in FortiWeb. An unauthenticated attacker could use specially crafted SAML messages to bypass FortiCloud SSO authentication mechanisms.
  • Affected Platforms:
    • [CVE-2025-59718]
      • FortiOS versions 7.6.0 to 7.6.3
      • FortiOS versions 7.4.0 to 7.4.8
      • FortiOS versions 7.2.0 to 7.2.11
      • FortiOS versions 7.0.0 to 7.0.17
      • FortiProxy versions 7.6.0 to 7.6.3
      • FortiProxy versions 7.4.0 to 7.4.10
      • FortiProxy versions 7.2.0 to 7.2.14
      • FortiProxy versions 7.0.0 to 7.0.21
      • FortiSwitchManager versions 7.2.0 to 7.2.6
      • FortiSwitchManager versions 7.0.0 to 7.0.5
    • [CVE-2025-59719]
      • FortiWeb versions 7.4.0 to 7.4.9
      • FortiWeb versions 7.6.0 to 7.6.4
      • FortiWeb version 8.0.0
  • Recommended Actions:
    • [CVE-2025-59718] Please update to the following versions:
      • FortiOS version 7.6.4 or later
      • FortiOS version 7.4.9 or later
      • FortiOS version 7.2.12 or later
      • FortiOS version 7.0.18 or later
      • FortiProxy version 7.6.4 or later
      • FortiProxy version 7.4.11 or later
      • FortiProxy version 7.2.15 or later
      • FortiProxy version 7.0.22 or later
      • FortiSwitchManager version 7.2.7 or later
      • FortiSwitchManager version 7.0.6 or later
    • [CVE-2025-59719] Please update to the following versions:
      • FortiWeb version 7.4.10 or later
      • FortiWeb version 7.6.5 or later
      • FortiWeb version 8.0.1 or later

Respectfully,
Network Systems Division
Computer and Communication Center