Fortinet Confirms FortiCloud SSO Exploitation Against Patched Devices

Posted on By CWS

Fortinet on Thursday confirmed that current assaults are bypassing FortiCloud single sign-on (SSO) login authentication on gadgets totally patched in opposition to current vulnerabilities.

Leveraging automation, hackers are making configuration modifications to FortiGate firewalls so as to add new person accounts, allow VPN entry, and exfiltrate machine configuration recordsdata, Arctic Wolf warned this week.

The cybersecurity firm identified that the recent marketing campaign resembles December 2025 assaults concentrating on CVE-2025-59718 and CVE-2025-59719, two critical-severity defects impacting the FortiCloud SSO login characteristic of FortiOS, FortiWeb, FortiProxy, and FortiSwitch Supervisor gadgets.

Fortinet launched fixes for the 2 flaws in early December, warning that crafted SAML response messages may very well be used to bypass authentication on situations which have the FortiCloud SSO login characteristic enabled.

On Thursday, Fortinet confirmed earlier fears that the assaults had been profitable even in opposition to gadgets that had been patched in opposition to CVE-2025-59718 and CVE-2025-59719.

“We’ve recognized numerous circumstances the place the exploit was to a tool that had been totally upgraded to the most recent launch on the time of the assault, which steered a brand new assault path,” Fortinet mentioned.Commercial. Scroll to proceed studying.

“It is very important be aware that whereas, right now, solely exploitation of FortiCloud SSO has been noticed, this difficulty is relevant to all SAML SSO implementations,” it added.

Fortinet says it’s engaged on a repair, however couldn’t share particulars on its availability.

The corporate has shared indicators of compromise (IOCs) to assist prospects hunt for malicious exercise on their gadgets.

Organizations are suggested to dam administrative entry to edge gadgets from the web and limit it to native IP addresses.

“As an extra workaround we advocate disabling the FortiCloud SSO characteristic. This may forestall abuse by way of that methodology however not a third-party SSO system, so that is beneficial solely along side the local-in coverage,” Fortinet notes.

Associated: Organizations Warned of Exploited Zimbra Collaboration Vulnerability

Associated: Recent SmarterMail Flaw Exploited for Admin Entry

Associated: In Different Information: FortiSIEM Flaw Exploited, Sean Plankey Renominated, Russia’s Polish Grid Assault

Associated: Cisco Patches Vulnerability Exploited by Chinese language Hackers

Security Week News Tags:, , , , , ,

Related Posts

New Campaigns Distribute Malware via Open Source Hacking Tools Security Week News
Agentic Security Firm 7AI Raises $130 Million Security Week News
Gambling Tech Firm Bragg Discloses Cyberattack Security Week News
Organizations Warned of Vulnerability Exploited Against Discontinued TP-Link Routers Security Week News
FreeType Zero-Day Found by Meta Exploited in Paragon Spyware Attacks Security Week News
Vulnerability in Dolby Decoder Can Allow Zero-Click Attacks Security Week News