All news with #fortiproxy tag

Fortinet warns of critical FortiCloud SSO bypass flaws

⚠️ Fortinet released patches for two critical FortiCloud SSO authentication bypass vulnerabilities (CVE-2025-59718, CVE-2025-59719) impacting FortiOS, FortiProxy, FortiSwitchManager, and FortiWeb. Attackers can abuse improper cryptographic signature verification in crafted SAML messages to bypass FortiCloud SSO controls. Administrators should disable FortiCloud SSO until devices are patched — either via System -> Settings in the GUI or with the provided CLI command — and apply the vendor firmware updates promptly. Fortinet also fixed related credential and password-hash issues (CVE-2025-59808, CVE-2025-64471).