All news with #forticloud tag
Thu, December 11, 2025
Fortinet admins urged to patch FortiCloud SSO flaws
🔒 Fortinet has released patches for two critical cryptographic signature vulnerabilities, CVE-2025-59718 and CVE-2025-59719, that can allow an unauthenticated attacker to bypass FortiCloud SSO authentication with a crafted SAML message on affected FortiOS, FortiWeb, FortiProxy and FortiSwitchManager devices. Administrators are advised to disable FortiCloud SSO immediately if it is enabled, update to non-vulnerable versions, and re-enable SSO only after verifying that the patches are in place. Fortinet notes that the feature is not enabled in the factory default configuration but can be activated during FortiCare registration. The company and responders recommend using the System -> Settings toggle or the CLI command sequence to disable FortiCloud SSO login until the device is patched.