**Fortinet Patches Critical Authentication-Bypass Vulnerabilities**

Fortinet, a leading cybersecurity firm, has addressed 18 critical vulnerabilities, including two authentication-bypass bugs that could allow attackers to bypass FortiCloud Single Sign-On (SSO) login using crafted SAML messages. The vulnerabilities, tracked as CVE-2025-59718 and CVE-2025-59719, have been rated a CVSS score of 9.1, indicating their severity.

The authentication-bypass flaws, which were internally discovered and reported by Yonghui Han and Theo Leleu of Fortinet's Product Security team, affect FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager when FortiCloud SSO is enabled. While FortiCloud SSO is disabled by default, it can be activated automatically during FortiCare registration if the administrator fails to disable the "Allow administrative login using FortiCloud SSO" toggle.

"Please note that the FortiCloud SSO login feature is not enabled in default factory settings," reads the advisory. "However, when an administrator registers the device to FortiCare from the device's GUI, unless the administrator disables the toggle switch 'Allow administrative login using FortiCloud SSO' in the registration page, FortiCloud SSO login is enabled upon registration."

As a temporary mitigation, Fortinet recommends disabling the FortiCloud login feature (if enabled) until upgrading to a non-affected version. It is currently unclear if these vulnerabilities have been exploited in attacks in the wild.

The discovery of these vulnerabilities highlights the importance of regular security updates and patching. Fortinet's prompt action in addressing these issues demonstrates their commitment to ensuring the security of their customers' networks.

For more information on cybersecurity news and updates, follow me on Twitter: @securityaffairs, Facebook, and Mastodon.