


Perceptive Security
SOC/SIEM Consultancy

Fortinet heeft kwetsbaarheden verholpen in FortiOS, FortiProxy, FortiWeb en FortiSwitchManager. De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat…
Published:
16 december 2025 om 10:33:05
Alert date:
16 december 2025 om 14:58:30
Source:
ncsc.nl
Network Infrastructure, Security Tools, Identity & Access
Fortinet has patched multiple vulnerabilities in FortiOS, FortiProxy, FortiWeb and FortiSwitchManager products. The vulnerabilities allow unauthenticated attackers to gain system access through various techniques including bypassing FortiCloud SSO authentication via crafted SAML messages, maintaining active SSLVPN sessions despite password changes, and executing unauthorized operations via forged HTTP/HTTPS requests. Active exploitation of CVE-2025-59718 and CVE-2025-59719 has been observed by researchers, who have published Indicators of Compromise. NCSC recommends immediate patching, implementing mitigation measures, investigating potential compromise using published IoCs, rotating administrator passwords, and closing active administrator sessions after updates.
Technical details
Vulnerabilities allow unauthenticated attackers to gain system access through various techniques including bypassing FortiCloud SSO login authentication via specially crafted SAML messages, maintaining active SSLVPN sessions despite password changes, and executing unauthorized operations via forged HTTP or HTTPS requests. This can lead to unauthorized access to sensitive API data and other network resources. Active exploitation is being observed for CVE-2025-59718 and CVE-2025-59719, enabling attackers to bypass Single Sign On and gain access to vulnerable systems.
Mitigation steps:
Apply Fortinet updates immediately if not already done. As mitigation, disable FortiCloud SSO login to prevent authentication bypass. Use published IoCs to investigate potential exploitation. Rotate administrator account passwords. Consider closing open administrator sessions after applying updates. Implement mitigating measures if immediate patching is not possible.
Affected products:
FortiOS
FortiProxy
FortiWeb
FortiSwitchManager
Related links:
https://arcticwolf.com/resources/blog/arctic-wolf-observes-malicious-sso-logins-following-disclosure-cve-2025-59718-cve-2025-59719/
https://fortiguard.fortinet.com/psirt/FG-IR-24-268
https://fortiguard.fortinet.com/psirt/FG-IR-25-411
https://fortiguard.fortinet.com/psirt/FG-IR-25-647
https://fortiguard.fortinet.com/psirt/FG-IR-25-945
https://fortiguard.fortinet.com/psirt/FG-IR-25-984
Related CVE's:
Related threat actors:
IOC's:
Indicators of Compromise are available at Arctic Wolf blog post for investigating potential exploitation
This article was created with the assistance of AI technology by Perceptive.
