Fortinet has issued an urgent security advisory following the discovery of a critical vulnerability affecting its flagship network security products. The flaw, which carries a critical CVSS score of 9.1, allows unauthenticated attackers to bypass authentication mechanisms and potentially gain administrative access to devices via the FortiCloud Single Sign-On (SSO) feature.
The vulnerabilities, tracked as CVE-2025-59718 and CVE-2025-59719, are both “Improper Verification of Cryptographic Signature” issues (CWE-347). They affect multiple product lines, including FortiOS, FortiWeb, FortiProxy, and FortiSwitch Manager.
According to the advisory, the flaw “may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML message, if that feature is enabled on the device”. This means an attacker could forge a security token that the system accepts as valid, granting them access without needing a legitimate username or password.
While Fortinet notes that “the FortiCloud SSO login feature is not enabled in default factory settings,” there is a significant caveat that may leave many administrators unknowingly exposed.
The feature is automatically enabled during device registration. “When an administrator registers the device to FortiCare from the device’s GUI… FortiCloud SSO login is enabled upon registration” unless explicitly disabled. This automatic opt-in behavior increases the likelihood that organizations are vulnerable without realizing it.
Fortinet has released patches for affected versions and is urging customers to upgrade immediately.
- FortiOS: Upgrade to 7.6.4, 7.4.9, 7.2.12, or 7.0.18.
- FortiProxy: Upgrade to 7.6.4, 7.4.11, 7.2.15, or 7.0.22.
- FortiWeb: Upgrade to 8.0.1, 7.6.5, or 7.4.10.
- FortiSwitch Manager: Upgrade to 7.2.7 or 7.0.6.
For those unable to patch immediately, Fortinet provides a critical mitigation: “Please turn off the FortiCloud login feature (if enabled) temporarily until upgrading to a non-affected version”. This can be done via the GUI or by running the following CLI commands:

    config system global
        set admin-forticloud-sso-login disable
    end
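To check a fleet against the fixed versions and the setting named above, the following is an added example (not code from Fortinet or the advisory); it assumes config dumps use the CLI block format shown above and reports branches the advisory does not list as unknown rather than guessing.

```python
import re

# First fixed release per branch, as listed in the advisory coverage above.
FIXED = {
    "FortiOS": ["7.6.4", "7.4.9", "7.2.12", "7.0.18"],
    "FortiProxy": ["7.6.4", "7.4.11", "7.2.15", "7.0.22"],
    "FortiWeb": ["8.0.1", "7.6.5", "7.4.10"],
    "FortiSwitch Manager": ["7.2.7", "7.0.6"],
}

def parse_version(v):
    return tuple(int(x) for x in v.split("."))

def needs_upgrade(product, version):
    """True if version is below its branch's fixed release, False if at or
    above it, None if the branch (major.minor) is not listed in FIXED."""
    cur = parse_version(version)
    for fixed in FIXED[product]:
        f = parse_version(fixed)
        if f[:2] == cur[:2]:
            return cur < f
    return None

def sso_login_enabled(config_text):
    """Scan the 'config system global' block of a CLI-style config dump for
    admin-forticloud-sso-login. Returns True/False, or None when the setting
    is absent (the dump alone does not say what applies; verify in the GUI)."""
    in_global = False
    for line in config_text.splitlines():
        s = line.strip()
        if s == "config system global":
            in_global = True
        elif in_global and s == "end":
            in_global = False
        elif in_global:
            m = re.match(r"set admin-forticloud-sso-login (enable|disable)$", s)
            if m:
                return m.group(1) == "enable"
    return None

def audit(product, version, config_text):
    """Return the list of findings a defender would act on."""
    findings = []
    if needs_upgrade(product, version):
        findings.append(f"{product} {version} is below the fixed release; upgrade")
    if sso_login_enabled(config_text):
        findings.append("FortiCloud SSO login is enabled; disable it until patched")
    return findings

# Constructed sample dump (not a real device export): registered device, unpatched.
SAMPLE_CONFIG = "config system global\n    set admintimeout 10\n" \
                "    set admin-forticloud-sso-login enable\nend\n"
```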