The Australian Cyber Security Centre has issued a technical alert advising business and government organisations to take immediate action following the discovery of multiple critical vulnerabilities affecting several Fortinet products.
The flaws, disclosed by Fortinet, relate to improper verification of cryptographic signatures and could allow unauthenticated attackers to bypass FortiCloud single sign-on authentication using crafted SAML response messages.
Two vulnerabilities have been identified. CVE-2025-59718 affects FortiOS, FortiProxy and FortiSwitchManager, while CVE-2025-59719 affects FortiWeb. Both expose organisations to authentication bypass, and the ACSC recommends urgent mitigation, including patching and investigating for signs of compromise.
The vulnerabilities impact the following product versions:
FortiOS
- 7.0.0 to 7.0.17
- 7.2.0 to 7.2.11
- 7.4.0 to 7.4.8
- 7.6.0 to 7.6.3
FortiProxy
- 7.0.0 to 7.0.21
- 7.2.0 to 7.2.14
- 7.4.0 to 7.4.10
- 7.6.0 to 7.6.3
FortiSwitchManager
- 7.0.0 to 7.0.5
- 7.2.0 to 7.2.6
FortiWeb
- 7.4.0 to 7.4.9
- 7.6.0 to 7.6.4
- 8.0.0
Australian organisations should review their environments, identify affected versions and follow Fortinet’s mitigation guidance. Recommended actions include applying the latest patches as soon as possible and, where FortiCloud login is enabled, disabling it until updates are deployed; disabling the login is a temporary workaround, not a substitute for patching. Organisations should also investigate for any signs of unauthorised access or attempted compromise.
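To make the "identify affected versions" step concrete, the following is an added example (not code from the ACSC alert or from Fortinet) that encodes the version ranges listed above and checks version strings against them. It treats every range as inclusive at both ends and the lone FortiWeb 8.0.0 entry as a single release. The status-banner format it parses (e.g. `FortiGate-100F v7.4.3,build2573,240201 (GA.F)`) and the hostnames in the sample inventory are assumptions constructed for illustration; fixed versions are not listed on this page, so the checker only reports whether a version falls inside a listed affected range.

```python
"""Triage Fortinet version strings against the affected ranges in the ACSC alert."""
import re
from typing import Dict, Iterable, List, Tuple

Version = Tuple[int, int, int]

# Affected ranges exactly as listed in the alert, inclusive at both ends.
# FortiWeb 8.0.0 is a single release, so its range is (8.0.0, 8.0.0).
AFFECTED: Dict[str, List[Tuple[str, str]]] = {
    "FortiOS": [("7.0.0", "7.0.17"), ("7.2.0", "7.2.11"),
                ("7.4.0", "7.4.8"), ("7.6.0", "7.6.3")],
    "FortiProxy": [("7.0.0", "7.0.21"), ("7.2.0", "7.2.14"),
                   ("7.4.0", "7.4.10"), ("7.6.0", "7.6.3")],
    "FortiSwitchManager": [("7.0.0", "7.0.5"), ("7.2.0", "7.2.6")],
    "FortiWeb": [("7.4.0", "7.4.9"), ("7.6.0", "7.6.4"), ("8.0.0", "8.0.0")],
}

# First major.minor.patch triple, with or without a leading "v".
_VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text: str) -> Version:
    """Extract the version triple from a bare version ("7.4.3") or from a
    status banner such as "FortiGate-100F v7.4.3,build2573,240201 (GA.F)".
    The banner layout is an assumption made for this example."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_affected(product: str, version_text: str) -> bool:
    """True if the version lies inside one of the product's listed ranges.

    Anything outside every listed range returns False. That covers newer
    builds in a listed branch, but also branches the alert does not mention
    at all (e.g. FortiOS 6.4.x), about which this list says nothing.
    """
    if product not in AFFECTED:
        raise ValueError(f"product not covered by this alert: {product}")
    version = parse_version(version_text)
    return any(parse_version(low) <= version <= parse_version(high)
               for low, high in AFFECTED[product])


def triage(inventory: Iterable[Tuple[str, str, str]]) -> List[Tuple[str, str, str, bool]]:
    """Return (hostname, product, version, affected) for each inventory row.

    Each row is (hostname, product, version_text); version_text may be a
    bare version or a status banner."""
    report = []
    for hostname, product, version_text in inventory:
        version = "%d.%d.%d" % parse_version(version_text)
        report.append((hostname, product, version, is_affected(product, version_text)))
    return report


# Constructed sample inventory; hostnames and banners are not real devices.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "FortiGate-100F v7.4.3,build2573,240201 (GA.F)"),
    ("fw-edge-02", "FortiOS", "FortiGate-100F v7.4.9,build0000,000000 (GA.F)"),
    ("proxy-01", "FortiProxy", "7.4.10"),
    ("fsm-01", "FortiSwitchManager", "7.2.6"),
    ("waf-01", "FortiWeb", "8.0.0"),
    ("waf-02", "FortiWeb", "8.0.1"),
]

if __name__ == "__main__":
    for hostname, product, version, affected in triage(SAMPLE_INVENTORY):
        flag = "AFFECTED - patch or disable FortiCloud login" if affected else "not in listed ranges"
        print(f"{hostname:12} {product:20} {version:8} {flag}")
```

A device version outside every listed range is reported as "not in listed ranges" rather than "safe": the script only knows what the alert enumerates, so a branch the alert does not name still needs to be checked against Fortinet's own advisory.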
Assistance is available for organisations that have been impacted or require guidance. The ACSC can be contacted via 1300 CYBER1 (1300 292 371). Full details of the alert can be found on cyber.gov.au, and incidents of cybercrime can be reported through ReportCyber.
