=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN888
_____________________________________________________________________

DATE                : 19/12/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running FortiOS versions prior to 7.6.4,
                     7.4.9, 7.2.12, 7.0.18,
                     FortiWeb versions prior to 8.0.1, 7.6.5, 7.4.10,
                     FortiProxy versions prior to 7.6.4, 7.4.11, 7.2.15, 7.0.22,
                     FortiSwitchManager versions prior to 7.2.7, 7.0.6.

=====================================================================
https://fortiguard.fortinet.com/psirt/FG-IR-25-647
_____________________________________________________________________

Multiple Fortinet Products' FortiCloud SSO Login Authentication Bypass

Summary

An Improper Verification of Cryptographic Signature vulnerability
[CWE-347] in FortiOS, FortiWeb, FortiProxy and FortiSwitchManager may
allow an unauthenticated attacker to bypass the FortiCloud SSO login
authentication via a crafted SAML message, if that feature is enabled
on the device.

Please note that the FortiCloud SSO login feature is not enabled in
default factory settings. However, when an administrator registers
the device to FortiCare from the device's GUI, unless the
administrator disables the toggle switch "Allow administrative login
using FortiCloud SSO" in the registration page, FortiCloud SSO login
is enabled upon registration.

To prevent being affected by this vulnerability on vulnerable
versions, please turn off the FortiCloud login feature (if enabled)
temporarily until upgrading to a non-affected version.
To turn off FortiCloud login, go to System -> Settings -> Switch
"Allow administrative login using FortiCloud SSO" to Off. Or type
the following command in the CLI:

config system global
set admin-forticloud-sso-login disable
end


Version                 Affected                Solution
FortiOS 7.6             7.6.0 through 7.6.3     Upgrade to 7.6.4 or above
FortiOS 7.4             7.4.0 through 7.4.8     Upgrade to 7.4.9 or above
FortiOS 7.2             7.2.0 through 7.2.11    Upgrade to 7.2.12 or above
FortiOS 7.0             7.0.0 through 7.0.17    Upgrade to 7.0.18 or above
FortiOS 6.4             Not affected            Not Applicable
FortiProxy 7.6          7.6.0 through 7.6.3     Upgrade to 7.6.4 or above
FortiProxy 7.4          7.4.0 through 7.4.10    Upgrade to 7.4.11 or above
FortiProxy 7.2          7.2.0 through 7.2.14    Upgrade to 7.2.15 or above
FortiProxy 7.0          7.0.0 through 7.0.21    Upgrade to 7.0.22 or above
FortiSwitchManager 7.2  7.2.0 through 7.2.6     Upgrade to 7.2.7 or above
FortiSwitchManager 7.0  7.0.0 through 7.0.5     Upgrade to 7.0.6 or above
FortiWeb 8.0            8.0.0                   Upgrade to 8.0.1 or above
FortiWeb 7.6            7.6.0 through 7.6.4     Upgrade to 7.6.5 or above
FortiWeb 7.4            7.4.0 through 7.4.9     Upgrade to 7.4.10 or above
FortiWeb 7.2            Not affected            Not Applicable
FortiWeb 7.0            Not affected            Not Applicable

Follow the recommended upgrade path using our tool at:
https://docs.fortinet.com/upgrade-tool
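As an added example (not tooling from Fortinet or CERT-Renater), the script below encodes the affected-version table above and the CLI workaround from the advisory into a small triage check: given a product name and firmware version it reports whether FG-IR-25-647 applies and which release fixes it, and given the text of a configuration backup it looks inside `config system global` for the `admin-forticloud-sso-login` setting. The sample configuration fragment is constructed for the example; the assumption that an absent `set admin-forticloud-sso-login` line tells you nothing about the effective value (so the script reports it as unknown rather than guessing) is the author's, not the advisory's.

```python
"""Triage helper for FG-IR-25-647 (CVE-2025-59718 / CVE-2025-59719).

Added example, not Fortinet's or CERT-Renater's own code. The version
ranges are transcribed from the advisory table; the config parsing
assumes the CLI syntax quoted in the advisory:
    config system global
    set admin-forticloud-sso-login disable
    end
"""
import re

# (product, branch) -> (first affected, last affected, fixed in) or None
AFFECTED = {
    ("FortiOS", "7.6"): ("7.6.0", "7.6.3", "7.6.4"),
    ("FortiOS", "7.4"): ("7.4.0", "7.4.8", "7.4.9"),
    ("FortiOS", "7.2"): ("7.2.0", "7.2.11", "7.2.12"),
    ("FortiOS", "7.0"): ("7.0.0", "7.0.17", "7.0.18"),
    ("FortiOS", "6.4"): None,
    ("FortiProxy", "7.6"): ("7.6.0", "7.6.3", "7.6.4"),
    ("FortiProxy", "7.4"): ("7.4.0", "7.4.10", "7.4.11"),
    ("FortiProxy", "7.2"): ("7.2.0", "7.2.14", "7.2.15"),
    ("FortiProxy", "7.0"): ("7.0.0", "7.0.21", "7.0.22"),
    ("FortiSwitchManager", "7.2"): ("7.2.0", "7.2.6", "7.2.7"),
    ("FortiSwitchManager", "7.0"): ("7.0.0", "7.0.5", "7.0.6"),
    ("FortiWeb", "8.0"): ("8.0.0", "8.0.0", "8.0.1"),
    ("FortiWeb", "7.6"): ("7.6.0", "7.6.4", "7.6.5"),
    ("FortiWeb", "7.4"): ("7.4.0", "7.4.9", "7.4.10"),
    ("FortiWeb", "7.2"): None,
    ("FortiWeb", "7.0"): None,
}


def parse_version(version):
    """'7.4.8' -> (7, 4, 8); tuples compare correctly, strings do not."""
    return tuple(int(x) for x in version.split("."))


def check_version(product, version):
    """Return (status, fixed_version); status is 'affected',
    'not affected', or 'unknown' when the branch is not in the table."""
    parts = parse_version(version)
    branch = f"{parts[0]}.{parts[1]}"
    if (product, branch) not in AFFECTED:
        return ("unknown", None)
    rng = AFFECTED[(product, branch)]
    if rng is None:
        return ("not affected", None)
    first, last, fixed = rng
    if parse_version(first) <= parts <= parse_version(last):
        return ("affected", fixed)
    return ("not affected", None)


def forticloud_sso_setting(config_text):
    """Find 'set admin-forticloud-sso-login ...' inside 'config system
    global'. Returns 'enable', 'disable', or None when the line is absent
    (assumption: an absent line is reported as unknown, not guessed)."""
    stack = []  # open 'config ...' blocks, innermost last
    pattern = re.compile(r"^set admin-forticloud-sso-login (enable|disable)$")
    for line in config_text.splitlines():
        s = line.strip()
        if s.startswith("config "):
            stack.append(s)
        elif s == "end":
            if stack:
                stack.pop()
        elif stack == ["config system global"]:
            m = pattern.match(s)
            if m:
                return m.group(1)
    return None


def assess(product, version, config_text):
    """Combine the version check with the workaround check."""
    status, fixed = check_version(product, version)
    if status != "affected":
        return {"status": status, "action": "none required by FG-IR-25-647"}
    sso = forticloud_sso_setting(config_text)
    if sso == "disable":
        action = f"workaround in place; still upgrade to {fixed} or above"
    else:
        action = (f"disable admin-forticloud-sso-login now and upgrade "
                  f"to {fixed} or above")
    return {"status": status, "sso_login": sso,
            "fixed_in": fixed, "action": action}


# Constructed sample backup fragment, not taken from a real device.
SAMPLE_CONFIG = """\
config system global
    set hostname "fw-edge-01"
    set admin-forticloud-sso-login enable
end
config system interface
    edit "port1"
    next
end
"""

if __name__ == "__main__":
    for product, version in [("FortiOS", "7.4.8"), ("FortiOS", "7.4.9"),
                             ("FortiWeb", "7.2.3")]:
        print(product, version, assess(product, version, SAMPLE_CONFIG))
```

Run it against the output of `show system global` or a full backup file; an "affected" result with `sso_login` anything other than `disable` means the device should have the toggle switched off until it is upgraded, exactly as the advisory recommends.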


Acknowledgement
Internally discovered and reported by Yonghui Han and Theo Leleu
of Fortinet Product Security team.


Timeline

2025-12-09: Initial publication

IR Number       FG-IR-25-647
Published Date  Dec 9, 2025
Component       GUI
Severity        Critical
CVSSv3 Score    9.1
Impact          Improper access control
CVE ID          CVE-2025-59718
                CVE-2025-59719

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================