Last Update: 06.02.2026: Added Analysis Report Link
Update 23.1.2026: Recently, a small number of customers reported unexpected login activity on their devices that looked very similar to the previous issue. However, Fortinet identified several cases in which the exploited device had been fully upgraded to the latest release at the time of the attack, which suggested a new attack path.
New PSIRT information can be found here: https://fortiguard.fortinet.com/psirt/FG-IR-26-060
Fortinet has published information about a new vulnerability affecting FortiOS, FortiProxy, FortiSwitchManager and FortiWeb. A device is exposed only when it runs an affected firmware release and the “Allow administrative login using FortiCloud SSO” setting is enabled. Patched releases that fix the issue are already available.
If you are using an affected release, you must immediately take action by either performing an upgrade or disabling the “Allow administrative login using FortiCloud SSO” setting, using one of the two methods below:
1. Via Graphical User Interface (GUI)
Use the following navigation path to disable the function through the web interface:
- Navigate to: System –> Settings
- Under the Single Sign-On section, locate the FortiCloud SSO option.
- Set the toggle switch to Disable.

2. Via Command Line Interface (CLI)
Execute the following commands in the CLI to adjust the global configuration:
```
config system global
set admin-forticloud-sso-login disable
end
```
PSIRT information
https://fortiguard.fortinet.com/psirt/FG-IR-25-647
| Field | Value |
|---|---|
| IR Number | FG-IR-25-647 |
| Published Date | Dec 9, 2025 |
| Component | GUI |
| Severity | Critical |
| CVSSv3 Score | 9.1 |
| Impact | Improper access control |
| CVE ID | CVE-2025-59718, CVE-2025-59719 |
Affected and patched releases
| Version | Affected | Solution |
|---|---|---|
| FortiOS 7.6 | 7.6.0 through 7.6.3 | Upgrade to 7.6.4 or above |
| FortiOS 7.4 | 7.4.0 through 7.4.8 | Upgrade to 7.4.9 or above |
| FortiOS 7.2 | 7.2.0 through 7.2.11 | Upgrade to 7.2.12 or above |
| FortiOS 7.0 | 7.0.0 through 7.0.17 | Upgrade to 7.0.18 or above |
| FortiOS 6.4 | Not affected | Not Applicable |
| FortiProxy 7.6 | 7.6.0 through 7.6.3 | Upgrade to 7.6.4 or above |
| FortiProxy 7.4 | 7.4.0 through 7.4.10 | Upgrade to 7.4.11 or above |
| FortiProxy 7.2 | 7.2.0 through 7.2.14 | Upgrade to 7.2.15 or above |
| FortiProxy 7.0 | 7.0.0 through 7.0.21 | Upgrade to 7.0.22 or above |
| FortiSwitchManager 7.2 | 7.2.0 through 7.2.6 | Upgrade to 7.2.7 or above |
| FortiSwitchManager 7.0 | 7.0.0 through 7.0.5 | Upgrade to 7.0.6 or above |
| FortiWeb 8.0 | 8.0.0 | Upgrade to 8.0.1 or above |
| FortiWeb 7.6 | 7.6.0 through 7.6.4 | Upgrade to 7.6.5 or above |
| FortiWeb 7.4 | 7.4.0 through 7.4.9 | Upgrade to 7.4.10 or above |
| FortiWeb 7.2 | Not affected | Not Applicable |
| FortiWeb 7.0 | Not affected | Not Applicable |
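As an added example (not part of the advisory and not Fortinet's own tooling), the following Python helper encodes the affected-release table above and inspects a captured `config system global` block for the `admin-forticloud-sso-login` setting, so a fleet of devices can be triaged against FG-IR-25-647. The sample configuration is constructed; the function and variable names are this example's own.

```python
"""Triage helper for FG-IR-25-647 (CVE-2025-59718 / CVE-2025-59719)."""
import re

# (product, major.minor) -> last affected patch number, copied from the
# advisory table. Branches listed as "Not affected" are simply absent.
AFFECTED = {
    ("FortiOS", "7.6"): 3, ("FortiOS", "7.4"): 8,
    ("FortiOS", "7.2"): 11, ("FortiOS", "7.0"): 17,
    ("FortiProxy", "7.6"): 3, ("FortiProxy", "7.4"): 10,
    ("FortiProxy", "7.2"): 14, ("FortiProxy", "7.0"): 21,
    ("FortiSwitchManager", "7.2"): 6, ("FortiSwitchManager", "7.0"): 5,
    ("FortiWeb", "8.0"): 0, ("FortiWeb", "7.6"): 4, ("FortiWeb", "7.4"): 9,
}

def is_affected_version(product: str, version: str) -> bool:
    """True if product/version falls inside an affected range of the table."""
    major, minor, patch = (int(x) for x in version.split("."))
    last_bad = AFFECTED.get((product, f"{major}.{minor}"))
    return last_bad is not None and patch <= last_bad

def sso_admin_login(config_text: str):
    """Return True/False for an explicit `set admin-forticloud-sso-login`
    line, or None if the line is absent (settings at their default are not
    printed by `show`; use `show full-configuration system global` to be sure)."""
    m = re.search(r"^\s*set admin-forticloud-sso-login\s+(enable|disable)\s*$",
                  config_text, re.MULTILINE)
    return None if m is None else m.group(1) == "enable"

def triage(product: str, version: str, config_text: str) -> str:
    """Combine firmware version and SSO setting into the advisory's verdict."""
    if not is_affected_version(product, version):
        return "not affected: no action required"
    sso = sso_admin_login(config_text)
    if sso is False:
        return "affected firmware, SSO admin login disabled: upgrade when possible"
    if sso is True:
        return "EXPOSED: upgrade now or 'set admin-forticloud-sso-login disable'"
    return "affected firmware, SSO setting not shown: verify with show full-configuration"

# Constructed sample of `show system global` output, not from a real device.
SAMPLE_CONFIG = """\
config system global
    set admin-forticloud-sso-login enable
    set hostname "fw-edge-01"
end
"""

if __name__ == "__main__":
    print(triage("FortiOS", "7.4.8", SAMPLE_CONFIG))
```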
Fortinet has published an Analysis Report for the FortiCloud SSO vulnerability.