Fortinet Confirms FortiCloud SSO Exploitation Against Patched Devices

Fortinet confirmed that recent attacks are bypassing FortiCloud single sign-on authentication even on devices patched against CVE-2025-59718 and CVE-2025-59719. Attackers automate configuration changes on FortiGate devices to add accounts, enable VPN access, and exfiltrate configuration files, prompting Fortinet to share IOCs and recommend disabling FortiCloud SSO and restricting administrative access.

Key points

  • Fortinet confirmed exploitation of FortiCloud SSO on devices fully patched against recent CVEs.
  • Attackers use automation to create user accounts, enable VPN access, and exfiltrate device configurations.
  • The campaign resembles December 2025 attacks exploiting CVE-2025-59718 and CVE-2025-59719.
  • Fortinet has released IOCs and advises blocking internet-facing administrative access and restricting it to local IPs.
  • As a workaround, organizations should disable FortiCloud SSO and apply a local-in policy while Fortinet develops a fix.
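A defender can check a FortiGate configuration backup against the points above: whether FortiCloud SSO admin login is enabled, whether any admin account is not on the expected list, and whether any admin account lacks trusted-host restrictions. The following is an added example, not code from Fortinet or the linked article; the FortiOS keys `admin-forticloud-sso-login` and `trusthost` are not named on this page, and the function name, account names and sample configuration are constructed for illustration.

```python
# Constructed sample of a FortiOS configuration backup (not from a real device).
SAMPLE_CONFIG = '''\
config system global
    set admin-forticloud-sso-login enable
end
config system admin
    edit "admin"
        set trusthost1 10.0.0.0 255.255.255.0
    next
    edit "helpdesk2"
        set accprofile "super_admin"
    next
end
'''

def audit_config(text, expected_admins):
    """Return sorted findings for a FortiOS config backup (hypothetical helper)."""
    findings, section, depth = [], None, 0
    admin, has_trusthost = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                section = line[len("config "):]
        elif line == "end":
            depth -= 1
            if depth == 0:
                section = None
        elif depth != 1:
            continue  # ignore nested sub-tables inside an entry
        elif section == "system global":
            # Assumption: only an explicit "enable" is flagged; an absent
            # line is treated as not enabled.
            if line == "set admin-forticloud-sso-login enable":
                findings.append("FortiCloud SSO admin login is enabled")
        elif section == "system admin":
            if line.startswith("edit "):
                admin, has_trusthost = line[5:].strip('"'), False
            elif line.startswith(("set trusthost", "set ip6-trusthost")):
                has_trusthost = True
            elif line == "next" and admin:
                if admin not in expected_admins:
                    findings.append(f"unexpected admin account: {admin}")
                if not has_trusthost:
                    findings.append(f"admin account without trusted hosts: {admin}")
                admin = None
    return sorted(findings)
```

Run it over each device's latest backup with the set of admin names you expect; an empty list means none of the three conditions was found in that file.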

Read More: https://www.securityweek.com/fortinet-confirms-forticloud-sso-exploitation-against-patched-devices/