Overview
A critical authentication bypass vulnerability in Fortinet products (CVE‑2025‑59718) is being actively exploited globally, including against systems believed to be fully patched.
Multiple independent reports confirm that the latest FortiOS patches (including 7.4.9 and 7.4.10) do not fully mitigate the vulnerability, and attackers are successfully bypassing FortiCloud SSO protections.
Fortinet is a global leader cyber security solutions (such as firewalls and cloud security, and several products are known to be used by businesses across the Island.
Impact
- Authentication bypass enabling attackers to gain full administrative access to FortiGate and related devices.
- Creation of persistent admin accounts (e.g., helpdesk, audit) following unauthorized SSO logins.
- Firewall configurations stolen in automated attacks observed since mid‑January.
- Active exploitation confirmed globally with thousands of internet‑exposed Fortinet devices still running vulnerable FortiCloud SSO configurations.
Affected Products
The following products are known to be affected:
- FortiOS (multiple branches including 7.4.x, 7.6.x, and pre‑release 8.0.x)
- FortiWeb
- FortiProxy
- FortiSwitchManager
Recommended Actions
As of 23/01/2026, Fortinet has not yet issued a fully effective fix, and new versions are expected to address these vulnerabilities.
In the meantime, administrators may consider workarounds such as disabling affected functionality and reducing exposure on the public Internet.