Hackers are exploiting two critical vulnerabilities (CVE-2025-59718 and CVE-2025-59719) in Fortinet products to gain unauthorized admin access and steal configuration files. The exploits target FortiCloud SSO authentication bypass, especially when enabled, posing significant security risks. #FortiCloudSSO #CVE202559718 #CVE202559719 #FortinetVulnerabilities
Keypoints
- Two vulnerabilities, CVE-2025-59718 and CVE-2025-59719, affect multiple Fortinet products.
- Exploit involves bypassing FortiCloud SSO authentication via cryptographic signature flaws.
- Attackers targeted admin accounts to access management interfaces and download system configurations.
- Affected products exclude FortiOS 6.4 and certain FortiWeb versions; updates are recommended.
- Admins should disable FortiCloud login temporarily and upgrade to recommended versions to prevent exploitation.