
Fortinet has fixed vulnerabilities in FortiOS, FortiProxy, FortiWeb and FortiSwitchManager. The vulnerabilities allow unauthenticated attackers to…

Published:

16 December 2025 at 10:33:05

Alert date:

16 December 2025 at 14:58:30

Source:

ncsc.nl


Network Infrastructure, Security Tools, Identity & Access

Fortinet has patched multiple vulnerabilities in FortiOS, FortiProxy, FortiWeb and FortiSwitchManager products. The vulnerabilities allow unauthenticated attackers to gain system access through various techniques including bypassing FortiCloud SSO authentication via crafted SAML messages, maintaining active SSLVPN sessions despite password changes, and executing unauthorized operations via forged HTTP/HTTPS requests. Active exploitation of CVE-2025-59718 and CVE-2025-59719 has been observed by researchers, who have published Indicators of Compromise. NCSC recommends immediate patching, implementing mitigation measures, investigating potential compromise using published IoCs, rotating administrator passwords, and closing active administrator sessions after updates.

Technical details

The vulnerabilities allow unauthenticated attackers to gain system access through several techniques: bypassing FortiCloud SSO login authentication via specially crafted SAML messages, keeping SSLVPN sessions active despite password changes, and executing unauthorized operations via forged HTTP or HTTPS requests. This can lead to unauthorized access to sensitive API data and other network resources. Active exploitation is being observed for CVE-2025-59718 and CVE-2025-59719, which let attackers bypass Single Sign-On and gain access to vulnerable systems.

Mitigation steps:

Apply the Fortinet updates immediately if not already done. As a mitigation, disable FortiCloud SSO login to prevent the authentication bypass. Use the published IoCs to investigate potential exploitation. Rotate administrator account passwords. Consider closing open administrator sessions after applying the updates. Implement the mitigating measures if immediate patching is not possible.
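As an added example (not part of the NCSC or Perceptive text), the FortiOS CLI form of the workaround and the post-update cleanup described above. The setting and command names are taken from memory of the FortiOS CLI, not from this page, and should be verified against Fortinet's own PSIRT advisory for the affected version before use.

```text
# Constructed FortiOS CLI example; setting/command names are assumed, not from this advisory.

# 1. Workaround until patched: disable FortiCloud SSO login for administrators.
#    (assumed setting: admin-forticloud-sso-login under "config system global")
config system global
    set admin-forticloud-sso-login disable
end

# 2. After updating: rotate the password of every local administrator account.
config system admin
    edit "admin"
        set password <NEW-STRONG-PASSWORD-PLACEHOLDER>
    next
end

# 3. After updating: list active administrator sessions and disconnect the ones
#    that should not still exist (assumed commands; check the session list first).
get system admin list
execute disconnect-admin-session <index-from-list>
```

Re-check the FortiCloud SSO setting after each firmware upgrade, since the mitigation is only a stop-gap and the advisory's primary recommendation remains installing the fixed versions.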

Affected products:

FortiOS
FortiProxy
FortiWeb
FortiSwitchManager

IoCs:

Indicators of Compromise for investigating potential exploitation are available in the Arctic Wolf blog post.

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website shows information from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.
