
[CIVN-2025-0372] Authentication Bypass Vulnerability in Fortinet Products
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Authentication Bypass Vulnerability in Fortinet Products
Indian Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Software Affected
FortiOS – versions 7.6.0 through 7.6.3, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, and 7.0.0 through 7.0.17
FortiProxy – versions 7.6.0 through 7.6.3, 7.4.0 through 7.4.10, 7.2.0 through 7.2.14, and 7.0.0 through 7.0.21
FortiSwitchManager – versions 7.2.0 through 7.2.6 and 7.0.0 through 7.0.5
FortiWeb – versions 8.0.0, 7.6.0 through 7.6.4, and 7.4.0 through 7.4.9
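The version ranges above are inclusive and mix two-digit patch numbers (7.4.10, 7.2.14, 7.0.21) with single-digit ones, so a plain string comparison in an inventory script will misclassify builds. The following checker is an added example, not part of the CERT-In advisory or any Fortinet tooling: it transcribes the ranges from the list above, parses the version strings FortiOS-style status output produces (the "v7.4.8,build1234" form and the bare "7.4.8" form; the hostnames, build numbers and inventory rows are constructed samples), and reports which devices fall inside an affected range.

```python
"""Check Fortinet product versions against the affected ranges listed in
CIVN-2025-0372 (CVE-2025-59718 / CVE-2025-59719).

Added example, not part of the CERT-In advisory. The ranges below are
transcribed from the advisory's "Software Affected" section; the inventory
rows at the bottom are constructed samples.
"""
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Inclusive (low, high) ranges per product, transcribed from the advisory.
# FortiWeb 8.0.0 is listed as a single version, so low == high.
AFFECTED: Dict[str, List[Tuple[str, str]]] = {
    "FortiOS": [("7.6.0", "7.6.3"), ("7.4.0", "7.4.8"),
                ("7.2.0", "7.2.11"), ("7.0.0", "7.0.17")],
    "FortiProxy": [("7.6.0", "7.6.3"), ("7.4.0", "7.4.10"),
                   ("7.2.0", "7.2.14"), ("7.0.0", "7.0.21")],
    "FortiSwitchManager": [("7.2.0", "7.2.6"), ("7.0.0", "7.0.5")],
    "FortiWeb": [("8.0.0", "8.0.0"), ("7.6.0", "7.6.4"), ("7.4.0", "7.4.9")],
}


def parse_version(text: str) -> Version:
    """Parse 'v7.4.8', 'v7.4.8,build1234,...' or '7.4.8' into an int tuple.

    String comparison would rank '7.4.10' below '7.4.8', which is exactly how
    an inventory check silently misses affected builds, so each component is
    converted to an integer before comparing.
    """
    core = text.strip().lstrip("vV").split(",")[0].split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def is_affected(product: str, version: str) -> bool:
    """True if `version` of `product` lies in any advisory range (inclusive)."""
    if product not in AFFECTED:
        raise KeyError(f"product not covered by this advisory: {product!r}")
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED[product])


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return the (hostname, product, version) rows that are in an affected range."""
    return [(host, prod, ver) for host, prod, ver in inventory
            if is_affected(prod, ver)]


if __name__ == "__main__":
    # Constructed sample inventory: hostnames and build numbers are made up.
    sample = [
        ("fw-edge-01", "FortiOS", "v7.4.8,build1234"),   # last affected 7.4.x build
        ("fw-edge-02", "FortiOS", "7.4.9"),               # first version past the range
        ("proxy-01", "FortiProxy", "7.4.10"),             # needs numeric, not string, compare
        ("sw-mgr-01", "FortiSwitchManager", "7.2.7"),     # outside the 7.2.0-7.2.6 range
        ("waf-01", "FortiWeb", "8.0.0"),                  # single listed version
    ]
    for host, prod, ver in triage(sample):
        print(f"{host}: {prod} {ver} is in an affected range; apply the fix from FG-IR-25-647")
```

A match only means the build is inside the advisory's range. Whether the device is actually exposed also depends on FortiCloud SSO being enabled, as the note in the Description states, so treat the output as a patch list rather than proof of exploitability.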
Overview
A vulnerability has been reported in Fortinet products that could allow a remote attacker to bypass authentication and gain unauthorised access to the targeted system.
Target Audience:
All organisations and individuals using vulnerable versions of Fortinet products.
Risk Assessment:
High risk of unauthorised access and potential information disclosure.
Impact Assessment:
Potential for system compromise.
Description
Fortinet is a global cybersecurity company that provides network security solutions, including firewalls, VPNs, and intrusion prevention systems.
The vulnerability exists due to improper verification of cryptographic signatures in SAML responses used by the FortiCloud SSO authentication mechanism. A remote attacker can exploit this flaw by sending a specially crafted SAML assertion.
Successful exploitation of this vulnerability could enable an attacker to bypass authentication and gain unauthorised access to the targeted system.
Note: The vulnerability is exploitable only when FortiCloud SSO is enabled, which is not the default configuration. However, if the feature is not explicitly disabled, it is automatically activated when devices are registered through the FortiCare user interface.
Solution
Apply appropriate updates as provided by the vendor:
https://fortiguard.fortinet.com/psirt/FG-IR-25-647
Vendor Information
Fortinet
https://fortiguard.fortinet.com/psirt/FG-IR-25-647
References
BleepingComputer
https://www.bleepingcomputer.com/news/security/hackers-exploit-newly-patched-fortinet-auth-bypass-flaws/
CVE Name
CVE-2025-59718
CVE-2025-59719
--
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----