Shadowserver highlights over 25,000 Fortinet devices exposed online with FortiCloud SSO enabled, a feature that is being exploited through a serious authentication bypass vulnerability. Cybercriminals are actively abusing this flaw to hijack admin accounts and access sensitive system configurations.
Key points
- Over 25,000 Fortinet devices are exposed online with FortiCloud SSO enabled.
- The vulnerabilities CVE-2025-59718 and CVE-2025-59719 were patched by Fortinet on December 9th.
- Threat actors are exploiting the flaws using malicious SAML messages for admin access.
- Many devices remain publicly accessible despite known security risks.
- U.S. government agencies are mandated to patch the vulnerabilities by December 23rd.