
【Vulnerability Alert】Fortinet Releases a Critical Security Advisory for Multiple Products (CVE-2025-59718) (CVE-2025-59719)

Publish date: 2025-12-19 Update date: 2025-12-19

Source: Ministry of Education Information & Communication Security Contingency Platform


Publication Number: TACERT-ANA-2025121601120909
Publication Time: 2025/12/16 13:12
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2025/12/16 13:12
Impact Level: Low
[Subject]
【Vulnerability Alert】Fortinet Releases a Critical Security Advisory for Multiple Products (CVE-2025-59718) (CVE-2025-59719)

[Content]
Forwarded from TWCERTCC-200-202512-00000003

【CVE-2025-59718, CVSS: 9.8】FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability. An unauthenticated attacker can send specially crafted SAML messages to bypass the FortiCloud SSO authentication mechanism.

【CVE-2025-59719, CVSS: 9.8】FortiWeb contains an authentication bypass vulnerability. An unauthenticated attacker can send specially crafted SAML messages to bypass the FortiCloud SSO authentication mechanism.

Information Sharing Level: WHITE (Information content can be publicly disclosed)

[Affected Platform]
【CVE-2025-59718】

FortiOS versions 7.6.0 through 7.6.3

FortiOS versions 7.4.0 through 7.4.8

FortiOS versions 7.2.0 through 7.2.11

FortiOS versions 7.0.0 through 7.0.17

FortiProxy versions 7.6.0 through 7.6.3

FortiProxy versions 7.4.0 through 7.4.10

FortiProxy versions 7.2.0 through 7.2.14

FortiProxy versions 7.0.0 through 7.0.21

FortiSwitchManager versions 7.2.0 through 7.2.6

FortiSwitchManager versions 7.0.0 through 7.0.5

【CVE-2025-59719】

FortiWeb versions 7.4.0 through 7.4.9

FortiWeb versions 7.6.0 through 7.6.4

FortiWeb version 8.0.0

[Recommended Actions]
【CVE-2025-59718】Please update to the following versions:

FortiOS versions 7.6.4 and later

FortiOS versions 7.4.9 and later

FortiOS versions 7.2.12 and later

FortiOS versions 7.0.18 and later

FortiProxy versions 7.6.4 and later

FortiProxy versions 7.4.11 and later

FortiProxy versions 7.2.15 and later

FortiProxy versions 7.0.22 and later

FortiSwitchManager versions 7.2.7 and later

FortiSwitchManager versions 7.0.6 and later

【CVE-2025-59719】Please update to the following versions:

FortiWeb versions 7.4.10 and later

FortiWeb versions 7.6.5 and later

FortiWeb versions 8.0.1 and later
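As an added defender-side example (not part of the TACERT/TWCERTCC notification), the affected and fixed versions listed above are transcribed into a small Python checker that classifies an inventory entry as affected, already patched, or not covered by this advisory. It assumes Fortinet version strings in major.minor.patch form and that the ranges given here are the complete set for these two CVEs.

```python
from typing import NamedTuple, Optional, Tuple

def parse_version(s: str) -> Tuple[int, int, int]:
    """Parse a Fortinet 'major.minor.patch' string (e.g. '7.4.8') into a tuple."""
    parts = s.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {s!r}")
    return int(parts[0]), int(parts[1]), int(parts[2])

# (first affected, last affected, first fixed) per branch, transcribed from
# the [Affected Platform] and [Recommended Actions] sections of this advisory.
ADVISORY = {
    "CVE-2025-59718": {
        "FortiOS": [("7.6.0", "7.6.3", "7.6.4"), ("7.4.0", "7.4.8", "7.4.9"),
                    ("7.2.0", "7.2.11", "7.2.12"), ("7.0.0", "7.0.17", "7.0.18")],
        "FortiProxy": [("7.6.0", "7.6.3", "7.6.4"), ("7.4.0", "7.4.10", "7.4.11"),
                       ("7.2.0", "7.2.14", "7.2.15"), ("7.0.0", "7.0.21", "7.0.22")],
        "FortiSwitchManager": [("7.2.0", "7.2.6", "7.2.7"), ("7.0.0", "7.0.5", "7.0.6")],
    },
    "CVE-2025-59719": {
        "FortiWeb": [("7.4.0", "7.4.9", "7.4.10"), ("7.6.0", "7.6.4", "7.6.5"),
                     ("8.0.0", "8.0.0", "8.0.1")],
    },
}

class Result(NamedTuple):
    cve: Optional[str]        # advisory entry that covers this branch, if any
    affected: bool            # True when the version falls inside an affected range
    fixed_in: Optional[str]   # first patched release for the branch, if listed

def check(product: str, version: str) -> Result:
    """Classify one inventory entry. A branch the advisory does not list
    (e.g. FortiOS 6.4) comes back as (None, False, None): unknown, not safe."""
    v = parse_version(version)
    for cve, products in ADVISORY.items():
        for lo, hi, fix in products.get(product, []):
            lo_v, hi_v = parse_version(lo), parse_version(hi)
            if lo_v <= v <= hi_v:
                return Result(cve, True, fix)
            if v[:2] == lo_v[:2]:           # same branch, already at/after the fix
                return Result(cve, False, fix)
    return Result(None, False, None)

if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for product, ver in [("FortiOS", "7.4.8"), ("FortiWeb", "8.0.0"),
                         ("FortiProxy", "7.0.22"), ("FortiOS", "6.4.15")]:
        res = check(product, ver)
        print(f"{product} {ver}: affected={res.affected} cve={res.cve} fix={res.fixed_in}")
```

A (None, False, None) result means the branch is outside this advisory's scope and should be checked against the vendor's own PSIRT page rather than treated as patched.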

[Reference]
 
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of Education Information & Communication Security Contingency Platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center