This alert has been written primarily for, but is not limited to, business and government.

This alert is intended for a technical audience.

Background

Fortinet has identified multiple critical vulnerabilities in a number of Fortinet Products:

• CVE-2025-59718: This vulnerability involves improper verification of cryptographic signatures in versions of Fortinet FortiOS, FortiProxy, and FortiSwitchManager, which could allow an unauthenticated attacker to bypass FortiCloud SSO login authentication via a crafted SAML response message.
• CVE-2025-59719: This vulnerability involves improper verification of cryptographic signatures in Fortinet FortiWeb, which could allow an unauthenticated attacker to bypass FortiCloud SSO login authentication via a crafted SAML response message.

ASD’s ACSC recommends that organisations take immediate action to mitigate affected products, apply the latest patches and investigate for potential compromise.

The vulnerabilities impact the following Fortinet Products:

• FortiOS
  • 7.0.0 through 7.0.17
  • 7.2.0 through 7.2.11
  • 7.4.0 through 7.4.8
  • 7.6.0 through 7.6.3
• FortiProxy
  • 7.0.0 through 7.0.21
  • 7.2.0 through 7.2.14
  • 7.4.0 through 7.4.10
  • 7.6.0 through 7.6.3
• FortiSwitchManager
  • 7.0.0 through 7.0.5
  • 7.2.0 through 7.2.6
• FortiWeb
  • 7.4.0 through 7.4.9
  • 7.6.0 through 7.6.4
  • 8.0.0

Mitigation advice

Australian organisations should review their networks for use of vulnerable versions of the Fortinet Products, and consult the Fortinet Advisory for mitigation advice and patching.

Mitigation may include disabling FortiCloud login (if enabled) until the latest patches are applied.

Organisations should also investigate for any unauthorised access or compromise of affected products.

Where to get help

Organisations that have been impacted, suspect impact or require advice and assistance can contact us via 1300 CYBER1 (1300 292 371).