Summary
| Item | Details |
|---|---|
| Vulnerability Name | Authentication Bypass in Multiple Fortinet Products (CVE-2025-59718) |
| Released on | December 12, 2025 |
| Affected Component | Fortinet FortiOS |
| Affected Versions | 7.6.0 ≤ FortiOS ≤ 7.6.3; 7.4.0 ≤ FortiOS ≤ 7.4.8; 7.2.0 ≤ FortiOS ≤ 7.2.11; 7.0.0 ≤ FortiOS ≤ 7.0.17; 7.6.0 ≤ FortiProxy ≤ 7.6.3; 7.4.0 ≤ FortiProxy ≤ 7.4.10; 7.2.0 ≤ FortiProxy ≤ 7.2.14; 7.0.0 ≤ FortiProxy ≤ 7.0.21; 7.2.0 ≤ FortiSwitchManager ≤ 7.2.6; 7.0.0 ≤ FortiSwitchManager ≤ 7.0.5; FortiWeb 8.0.0; 7.6.0 ≤ FortiWeb ≤ 7.6.4; 7.4.0 ≤ FortiWeb ≤ 7.4.9 |
| Vulnerability Type | Authentication vulnerability |
| Exploitation Condition | 1. User authentication: not required. 2. Precondition: default configuration. 3. Trigger mode: remote. |
| Impact | Exploitation difficulty: easy. Severity: critical. This vulnerability may lead to a service compromise. |
| Official Solution | Available |
About the Vulnerability
Component Introduction
Fortinet FortiOS is a security operating system developed by Fortinet for the FortiGate platform. This system offers users various security features, such as firewall, antivirus, IPsec/SSL VPN, web content filtering, and anti-spam.
Vulnerability Description
On December 12, 2025, Sangfor FarSight Labs received notification of the authentication bypass vulnerability in multiple Fortinet products (CVE-2025-59718), which is classified as critical.
Specifically, multiple Fortinet products contain an authentication vulnerability caused by improper verification of cryptographic signatures. Unauthenticated attackers can exploit it to bypass FortiCloud SSO login authentication with a crafted Security Assertion Markup Language (SAML) response, and the server may consequently be compromised.
Affected Versions
The following Fortinet versions are affected:
- 7.6.0 ≤ FortiOS ≤ 7.6.3
- 7.4.0 ≤ FortiOS ≤ 7.4.8
- 7.2.0 ≤ FortiOS ≤ 7.2.11
- 7.0.0 ≤ FortiOS ≤ 7.0.17
- 7.6.0 ≤ FortiProxy ≤ 7.6.3
- 7.4.0 ≤ FortiProxy ≤ 7.4.10
- 7.2.0 ≤ FortiProxy ≤ 7.2.14
- 7.0.0 ≤ FortiProxy ≤ 7.0.21
- 7.2.0 ≤ FortiSwitchManager ≤ 7.2.6
- 7.0.0 ≤ FortiSwitchManager ≤ 7.0.5
- FortiWeb 8.0.0
- 7.6.0 ≤ FortiWeb ≤ 7.6.4
- 7.4.0 ≤ FortiWeb ≤ 7.4.9
Solutions
Remediation Solutions
Official Solution
The latest versions have been officially released to fix the vulnerability. Affected users are advised to update their Fortinet products to the following versions as needed:
- FortiOS 7.6.4
- FortiOS 7.4.9
- FortiOS 7.2.12
- FortiOS 7.0.18
- FortiProxy 7.6.4
- FortiProxy 7.4.11
- FortiProxy 7.2.15
- FortiProxy 7.0.22
- FortiSwitchManager 7.2.7
- FortiSwitchManager 7.0.6
- FortiWeb 8.0.1
- FortiWeb 7.6.5
- FortiWeb 7.4.10
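As an added example (not part of the Sangfor advisory or any Fortinet tooling), the script below encodes the affected ranges and first fixed versions from the tables above and triages a constructed device inventory against them, so a defender can see which devices need which upgrade and which run a branch the advisory does not cover:

```python
"""Triage a device inventory against the CVE-2025-59718 version table.
Added example, not Sangfor or Fortinet code: RANGES is copied from the
advisory tables above; INVENTORY is constructed sample data."""

# (product, first affected, last affected, first fixed), per the advisory
RANGES = [
    ("FortiOS", "7.6.0", "7.6.3", "7.6.4"), ("FortiOS", "7.4.0", "7.4.8", "7.4.9"),
    ("FortiOS", "7.2.0", "7.2.11", "7.2.12"), ("FortiOS", "7.0.0", "7.0.17", "7.0.18"),
    ("FortiProxy", "7.6.0", "7.6.3", "7.6.4"), ("FortiProxy", "7.4.0", "7.4.10", "7.4.11"),
    ("FortiProxy", "7.2.0", "7.2.14", "7.2.15"), ("FortiProxy", "7.0.0", "7.0.21", "7.0.22"),
    ("FortiSwitchManager", "7.2.0", "7.2.6", "7.2.7"), ("FortiSwitchManager", "7.0.0", "7.0.5", "7.0.6"),
    ("FortiWeb", "8.0.0", "8.0.0", "8.0.1"), ("FortiWeb", "7.6.0", "7.6.4", "7.6.5"),
    ("FortiWeb", "7.4.0", "7.4.9", "7.4.10"),
]

# Constructed inventory lines: hostname,product,version (as a CMDB export might look)
INVENTORY = """\
fw-edge-01,FortiOS,v7.4.8 build2795
proxy-01,FortiProxy,7.0.22
waf-01,FortiWeb,8.0.0
fw-legacy,FortiOS,6.4.15
"""

def parse_version(text):
    """'v7.4.8 build2795' -> (7, 4, 8); non-numeric parts raise ValueError."""
    parts = text.strip().lstrip("vV").split()[0].split(".")
    return tuple(int(p) for p in parts[:3])

def assess(product, version):
    """Return (status, first_fixed): 'vulnerable', 'fixed', or 'unlisted' if absent."""
    ver = parse_version(version)
    for prod, lo, hi, fixed in RANGES:
        lo_t, hi_t = parse_version(lo), parse_version(hi)
        if prod.lower() != product.strip().lower() or lo_t[:2] != ver[:2]:
            continue                      # other product or other release branch
        if lo_t <= ver <= hi_t:
            return "vulnerable", fixed
        if ver >= parse_version(fixed):
            return "fixed", fixed
    return "unlisted", None               # branch not covered by this advisory

def triage(csv_text):
    """Map each 'host,product,version' line to (host, status, first_fixed)."""
    rows = (line.split(",", 2) for line in csv_text.splitlines() if line.strip())
    return [(host, *assess(prod, ver)) for host, prod, ver in rows]

if __name__ == "__main__":
    for host, status, fixed in triage(INVENTORY):
        print(f"{host:12} {status:10} first fixed: {fixed or 'n/a, check vendor'}")
```

Devices reported as "unlisted" run a product or release branch the advisory does not name, so their status must be confirmed against the vendor's PSIRT page rather than assumed safe.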
Temporary Solutions
1. Disable unused functional modules to reduce attack entry points.
2. Follow the principle of least privilege to strictly control the scope of permissions for sensitive operations.
3. Do not expose services to the Internet unless necessary, and limit access sources to trusted address ranges.
4. Regularly update the system and components to secure versions so that known vulnerabilities can be patched at the earliest opportunity.
Sangfor Solutions
Proactive Vulnerability Detection
The following Sangfor services can proactively detect CVE-2025-59718 and quickly identify exposed assets at scale in business environments:
- Athena Managed Detection and Response (MDR): The corresponding detection solution will be released on December 30, 2025. The rule ID is SF-2025-01470.
- Athena Extended Detection and Response (XDR): The corresponding detection solution will be released on December 19, 2025. The rule ID is SF-2025-02422.
Vulnerability Monitoring
The following Sangfor services support monitoring for CVE-2025-59718 and can identify affected assets and the scope of impact in real time from collected traffic:
- Athena Network Detection and Response (NDR): The corresponding monitoring solution will be released on December 19, 2025. The rule ID is 11220050.
- Athena MDR: The corresponding monitoring solution will be released on December 19, 2025. The rule ID is 11220050. In this case, make sure that Athena MDR is integrated with Athena NDR.
- Athena XDR: The corresponding monitoring solution will be released on December 19, 2025. The rule ID is 11220050.
Vulnerability Prevention
The following Sangfor services can effectively block CVE-2025-59718 exploits:
- Athena Next-Generation Firewall (NGFW): The corresponding prevention solution will be released on December 19, 2025. The rule ID is 11220050.
- Sangfor Web Application Firewall (WAF): The corresponding prevention solution will be released on December 19, 2025. The rule ID is 11220050.
- Athena MDR: The corresponding prevention solution will be released on December 19, 2025. The rule ID is 11220050. In this case, make sure that Athena MDR is integrated with Athena NGFW.
- Athena XDR: The corresponding prevention solution will be released on December 19, 2025. The rule ID is 11220050. In this case, make sure that Athena XDR is integrated with Athena NGFW.
Timeline
On December 12, 2025, Sangfor FarSight Labs received notification of the authentication bypass vulnerability in multiple Fortinet products (CVE-2025-59718).
On December 12, 2025, Sangfor FarSight Labs released a vulnerability alert.
Reference
https://www.fortiguard.com/psirt/FG-IR-25-647
Learn More
Sangfor FarSight Labs researches the latest cyber threats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyber threats, providing fast and easy protection for customers.