**Fortinet Warns of Critical Flaws in FortiCloud SSO Login Feature**
A recent security advisory from Fortinet has revealed two critical vulnerabilities in its FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager products. The flaws, tracked as CVE-2025-59718 (FortiOS, FortiProxy, FortiSwitchManager) and CVE-2025-59719 (FortiWeb), are improper-verification-of-cryptographic-signature weaknesses: an attacker who sends a maliciously crafted SAML message to a vulnerable product can bypass FortiCloud SSO authentication.
The affected FortiCloud feature is not enabled by default when the device is not registered with FortiCare. However, if an administrator registers the device and fails to disable the toggle switch 'Allow administrative login using FortiCloud SSO' in the registration page, FortiCloud SSO login becomes enabled.
To protect against attacks exploiting these vulnerabilities, administrators are advised to temporarily disable the FortiCloud login feature (if enabled) until they upgrade to a non-vulnerable version. This can be done by navigating to System -> Settings and switching "Allow administrative login using FortiCloud SSO" to Off, or running the following command from the command-line interface:
```
config system settings
    set allow-cloud-login disable
end
```
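Verifying the workaround at scale, as an added example that is not from Fortinet or the original article: the script below reads a FortiOS-style configuration backup and reports whether `allow-cloud-login` is explicitly disabled under `config system settings`, so a fleet of exported configs can be checked instead of clicking through each GUI. The backup layout it parses (a `#config-version=` header carrying the firmware version, `config system settings` blocks, nested under `config vdom / edit <name>` in multi-VDOM mode) and both sample backups are constructed assumptions for the demo. An "exposed" verdict only matters on a vulnerable build, so compare the reported version with Fortinet's advisory; an "unknown" verdict (setting absent from the backup) means the state depends on FortiCare registration and the GUI toggle should be checked directly.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed single-VDOM backup fragment (not a real device export).
SINGLE_VDOM_BACKUP = """\
#config-version=FGT60F-7.4.7-FW-build2731-241216:opmode=0:vdom=0:user=admin
config system global
    set hostname "fw-edge-01"
end
config system settings
    set allow-cloud-login enable
end
"""

# Constructed multi-VDOM backup fragment: one 'system settings' block per VDOM.
MULTI_VDOM_BACKUP = """\
#config-version=FG200F-7.2.11-FW-build1740-250320:opmode=0:vdom=1:user=admin
config vdom
edit root
config system settings
    set allow-cloud-login disable
end
next
edit dmz
config system settings
    set allow-cloud-login enable
end
next
end
"""

# Assumed header shape: '#config-version=<model>-<major.minor.patch>-FW-build...'
VERSION_RE = re.compile(r"^#config-version=\S+?-(\d+\.\d+\.\d+)-", re.M)


@dataclass
class CloudLoginStatus:
    version: Optional[str]            # firmware version from the backup header, if present
    allow_cloud_login: Dict[str, str]  # {scope: "enable"|"disable"}, scope = VDOM name or "global"
    verdict: str                       # "mitigated", "exposed" or "unknown"


def find_allow_cloud_login(text: str) -> Dict[str, str]:
    """Collect every 'set allow-cloud-login' that sits inside 'config system settings'.

    A stack of open 'config ...' blocks tells us which block a 'set' line belongs to;
    'edit <name>' directly under 'config vdom' names the VDOM the block applies to.
    """
    results: Dict[str, str] = {}
    stack = []          # names of currently open 'config' blocks
    scope = "global"    # current VDOM name, or "global" outside 'config vdom'
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])
        elif line == "end":
            if stack:
                stack.pop()
            if "vdom" not in stack:
                scope = "global"   # left the 'config vdom' block
        elif line.startswith("edit ") and stack and stack[-1] == "vdom":
            scope = line[len("edit "):].strip('"')
        elif (line.startswith("set allow-cloud-login ")
              and stack and stack[-1] == "system settings"):
            results[scope] = line.split()[-1]
    return results


def assess(text: str) -> CloudLoginStatus:
    """Classify a backup: mitigated only if every scope explicitly disables the login."""
    match = VERSION_RE.search(text)
    version = match.group(1) if match else None
    settings = find_allow_cloud_login(text)
    if not settings:
        verdict = "unknown"     # absent: state depends on registration; check the GUI toggle
    elif all(value == "disable" for value in settings.values()):
        verdict = "mitigated"
    else:
        verdict = "exposed"     # at least one scope still allows FortiCloud SSO login
    return CloudLoginStatus(version, settings, verdict)


if __name__ == "__main__":
    for name, backup in (("single", SINGLE_VDOM_BACKUP), ("multi", MULTI_VDOM_BACKUP)):
        status = assess(backup)
        print(f"{name}: version={status.version} settings={status.allow_cloud_login} "
              f"verdict={status.verdict}")
```

Run it against real exports with `assess(open(path).read())`; a device that reports "exposed" on a build listed as affected in the advisory should have the workaround applied (or the upgrade scheduled) before anything else.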
Fortinet has also patched an unverified password change vulnerability (CVE-2025-59808): an attacker who has already gained access to a victim's user account can reset that account's credentials without being prompted for the current password. A further vulnerability (CVE-2025-64471) can let threat actors authenticate using a password hash in place of the password itself, a pass-the-hash condition.
Fortinet security vulnerabilities have been frequently exploited in both ransomware and cyber-espionage attacks. For instance, Fortinet disclosed in February that the Chinese Volt Typhoon hacking group backdoored a Dutch Ministry of Defence military network using custom Coathanger remote access trojan (RAT) malware after exploiting two FortiOS SSL VPN flaws (CVE-2023-27997 and CVE-2022-42475).
Recently, in August, Fortinet patched a command injection vulnerability (CVE-2025-25256) with publicly available exploit code in its FortiSIEM security monitoring solution, one day after cybersecurity company GreyNoise reported a massive spike in brute-force attacks targeting Fortinet SSL VPNs. In November, Fortinet warned of a FortiWeb zero-day (CVE-2025-58034) that was actively exploited in attacks, just one week after confirming that it had silently patched another massively exploited FortiWeb zero-day (CVE-2025-64446).
In related news, ASUS has also issued warnings about a critical authentication bypass flaw in its AiCloud routers. Meanwhile, Grafana has announced a maximum-severity admin spoofing vulnerability.