


Perceptive Security
SOC/SIEM Consultancy

Fortinet has fixed vulnerabilities in FortiOS, FortiProxy, FortiWeb and FortiSwitchManager. The vulnerabilities allow unauthenticated attackers to…
Published: 23 January 2026 at 13:20:09
Alert date: 16 December 2025 at 14:58:30
Source: ncsc.nl
Network Infrastructure, Security Tools, Identity & Access
Fortinet addressed multiple vulnerabilities in FortiOS, FortiProxy, FortiWeb and FortiSwitchManager that allow unauthenticated attackers to bypass FortiCloud SSO authentication via crafted SAML messages, maintain active SSLVPN sessions despite password changes, and execute unauthorized operations via forged HTTP/HTTPS requests. CVE-2025-59718 and CVE-2025-59719 are actively exploited for SSO bypass attacks. The initial updates proved insufficient, as attacks continued on patched systems. Both Fortinet and Arctic Wolf have released IoCs and additional mitigation measures.
Technical details
Multiple vulnerabilities in Fortinet products allow unauthenticated attackers to gain system access through several techniques: bypassing FortiCloud SSO login authentication via specially crafted SAML messages, maintaining active SSLVPN sessions despite password changes, and executing unauthorized operations via forged HTTP or HTTPS requests. This can lead to unauthorized access to sensitive API data and other network resources. Researchers report active exploitation of CVE-2025-59718 and CVE-2025-59719, which allow attackers to bypass Single Sign-On authentication.
Mitigation steps:
Apply the Fortinet updates immediately if not already done. As a mitigation measure, disable FortiCloud SSO login to prevent authentication bypass. Implement the mitigating measures and use the published IoCs to investigate potential abuse. Rotate administrator account passwords based on the investigation results. Consider closing open administrator sessions after deploying updates. Investigate systems using the provided IoCs for signs of compromise.
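An added example, not part of the original advisory or any vendor tooling: a minimal Python hunt for the investigation step above, flagging successful administrator logins via SSO from addresses that match an IoC or fall outside the expected management networks. The key=value field names (`method`, `srcip`, `action`, `status`, `user`), the sample log lines and all addresses are constructed assumptions; substitute your device's actual log fields and the published IoCs.

```python
import ipaddress
import re

# Matches key=value and key="quoted value" pairs in a key=value event log line.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Return the fields of one log line as a dict."""
    return {k: (q if q else u) for k, q, u in KV.findall(line)}

def hunt_sso_logins(lines, trusted_nets, ioc_ips=()):
    """Flag successful SSO admin logins from IoC or untrusted source IPs."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    iocs = {ipaddress.ip_address(i) for i in ioc_ips}
    findings = []
    for line in lines:
        f = parse_line(line)
        # Field names and values are assumptions; adapt to your log schema.
        if (f.get("action"), f.get("status"), f.get("method")) != ("login", "success", "sso"):
            continue
        try:
            src = ipaddress.ip_address(f.get("srcip", ""))
        except ValueError:
            # Keep entries with a missing or malformed source for manual review.
            findings.append(("unparsed-source", f.get("user"), f.get("srcip")))
            continue
        if src in iocs:
            verdict = "ioc-match"
        elif not any(src in n for n in nets):
            verdict = "unexpected-source"
        else:
            continue  # SSO login from a known management network
        findings.append((verdict, f.get("user"), str(src)))
    return findings

# Constructed sample data using documentation address ranges (not real IoCs).
SAMPLE = [
    'date=2025-12-12 time=03:14:07 user="admin" method="sso" srcip=203.0.113.45 action="login" status="success"',
    'date=2025-12-12 time=09:02:11 user="netops" method="sso" srcip=192.0.2.10 action="login" status="success"',
    'date=2025-12-12 time=09:30:00 user="admin" method="https" srcip=198.51.100.7 action="login" status="success"',
    'date=2025-12-12 time=10:05:42 user="admin" method="sso" srcip=198.51.100.99 action="login" status="success"',
]
TRUSTED = ["192.0.2.0/24"]    # placeholder management network
IOC_IPS = ["203.0.113.45"]    # placeholder; load the published IoCs here

if __name__ == "__main__":
    for finding in hunt_sso_logins(SAMPLE, TRUSTED, IOC_IPS):
        print(finding)
```

Any finding is a lead for the password rotation and session review steps, not proof of compromise on its own.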
Affected products:
FortiOS
FortiProxy
FortiWeb
FortiSwitchManager
Related links:
https://arcticwolf.com/resources/blog/arctic-wolf-observes-malicious-sso-logins-following-disclosure-cve-2025-59718-cve-2025-59719/
https://fortiguard.fortinet.com/psirt/FG-IR-24-268
https://fortiguard.fortinet.com/psirt/FG-IR-25-411
https://fortiguard.fortinet.com/psirt/FG-IR-25-647
https://fortiguard.fortinet.com/psirt/FG-IR-25-945
https://fortiguard.fortinet.com/psirt/FG-IR-25-984
IoCs:
Indicators of Compromise are available at: https://arcticwolf.com/resources/blog/arctic-wolf-observes-malicious-sso-logins-following-disclosure-cve-2025-59718-cve-2025-59719/
This article was created with the assistance of AI technology by Perceptive.
