Cybersecurity Threat Advisory: Critical FortiCloud SSO flaws

Home / QSOL IT News / authentication bypass / Cybersecurity Threat Advisory: Critical FortiCloud SSO flaws
Cybersecurity Threat Advisory

Cybersecurity Threat AdvisoryFortinet has disclosed two critical authentication bypass vulnerabilities in its FortiCloud SSO login feature. Both carry a CVSS score of 9.8, signaling near-maximum severity. Read this Cybersecurity Threat Advisory for more details on how to secure your network infrastructure.

What is the threat?

The first flaw, CVE‑2025‑59718 affects FortiOS, FortiProxy, and FortiSwitchManager. The second flaw, CVE‑2025‑59719 affects FortiWeb. These stem from improper cryptographic signature verification in FortiCloud SSO. Under certain conditions, Fortinet devices fail to validate SAML messages correctly, allowing attackers to submit maliciously crafted messages that appear legitimate.

Why is it noteworthy?

A CVSS score of 9.8 indicates an extremely high risk. Successful exploitation of these flaws could enable attackers to:

  • Bypass FortiCloud SSO authentication
  • Gain administrative access to Fortinet appliances
  • Escalate privileges and alter configurations
  • Move laterally across networks using compromised devices

Important: FortiCloud SSO login is disabled by default, but it becomes active when devices are registered to FortiCare and the option “Allow administrative login using FortiCloud SSO” remains enabled.

What is the exposure or risk?

The following organizations are exposed if they:

  • Use Fortinet devices with FortiCloud SSO enabled
  • Operate multi-tenant environments where FortiCloud SSO is used for centralized authentication
  • Have registered devices to FortiCare without disabling the FortiCloud SSO login option

What are the recommendations?

Barracuda strongly recommends the following actions to secure your network infrastructure:

  • Update FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager as soon as fixes are available.
  • Disable FortiCloud SSO Login: Until patching is complete, turn off this feature as recommended by Fortinet and SANS Institute.
  • Disable the “Allow administrative login using FortiCloud SSO” option if not required.
  • Apply multi-factor authentication and strict permissions across all Fortinet devices.

References

For more in-depth information about the recommendations, please visit the following links:

If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.

This post originally appeared on Smarter MSP.

Related Post

The 2026 Top Biotech Cybersecurity Threats: What Early-Stage

Discover the top 5 biotech cybersecurity threats for 2026 and learn proactive strategies to protect your IP, reduce risk, and

app, Biotech, biotech cybersecurity, Business, Cloud, early, QSOL Featured, Security, stage life sciences organizations, Syndicated

The 2026 Top Biotech Cybersecurity Threats: What Early-Stage

Discover the top 5 biotech cybersecurity threats for 2026 and learn proactive strategies to protect your IP, reduce risk, and

app, Biotech, Business, cybersecurity, life sciences, QSOL Featured, research workflows, Security, Syndicated

Cybersecurity Threat Advisory: Android framework exploits

Google released the December 2025 Android Security Update to address 107 vulnerabilities across the Android OS and vendor components. The

Android, Android Security Update, CVE-2025-48572, CVE-2025-48631, CVE-2025-48633, cybersecurity, Cybersecurity Threat Advisory, exploits, Featured, Google, Security, Syndicated, Threat Advisory, vulnerabilities

Then and Now: Connectivity in the 1990s vs.

In the 1990s, connectivity was physical. Wires, switches, and routers sat in a closet you could point to. The internet

1990s, AI, CISO, Cloud, cloud security, connectivity, CTO, Data, Endpoints, generative AI, IT leaders, Network Management, physical, QSOL Featured, Syndicated, today, wires