The National Computer Emergency Response Team (National CERT) has issued a critical advisory regarding two severe vulnerabilities in Fortinet FortiCloud Single Sign-On (SSO). These flaws carry a catastrophic CVSS score of 9.8, allowing remote, unauthenticated attackers to bypass login controls completely.
If you rely on FortiCloud SSO to manage your firewalls or switches, your infrastructure is at immediate risk.
The vulnerabilities, tracked as CVE-2025-59718 and CVE-2025-59719, affect the FortiCloud SSO authentication mechanism. This feature centrally manages security appliances like firewalls, proxies, and web security devices.
The attack vector is straightforward yet devastating. An attacker requires no privileges and no user interaction. They can simply exploit the SSO login process to gain full administrative access. Once inside, they can execute a complete account takeover, modify security configurations, and access sensitive log data.
The vulnerability spans multiple product lines. Check your versions immediately against the table below.
| Product | Vulnerable Versions |
| FortiOS |
7.0.0 – 7.0.17 7.2.0 – 7.2.1 7.4.0 – 7.4.8 7.6.0 – 7.6.3 |
| FortiProxy |
7.0.0 – 7.0.2 7.2.0 – 7.2.1 7.4.0 – 7.4.10 7.6.0 – 7.6.3 |
| FortiSwitchManager |
7.0.0 – 7.0.5 7.2.0 – 7.2.6 |
| FortiWeb |
7.4.0 – 7.4.8 7.6.0 – 7.6.4 All 8.0 Builds |
If you cannot patch immediately, you must disable FortiCloud SSO to stop the bleeding. National CERT recommends the following CLI workaround.
Execute the following command on the affected devices’ CLI:
config system global
set admin-forticloud-sso-login disable
end
Alternatively, you can apply a fix using your GUI as well:
System → Settings → Switch → Allow administrative login using FortiCloud SSO → Off
Note: This is a temporary fix. Patching is mandatory.
Sysadmins must review logs for signs of past exploitation. Look for these specific red flags:
Fortinet has released patched versions. Update your devices to the following builds immediately: