Critical Fortinet Flaws Under Active Attack

CISA warns of active attacks exploiting critical Fortinet vulnerabilities, urging urgent patches to protect devices.

By Content Team

Dec 18, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

CISA added a critical Fortinet vulnerability (CVE-2025-59718) to its exploited vulnerabilities catalog after detecting active attacks. The flaw, along with CVE-2025-59719, allows hackers to bypass authentication on FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager devices using crafted SAML messages.

Arctic Wolf researchers spotted attacks starting December 12, just three days after Fortinet disclosed the vulnerabilities on December 9. Attackers from Germany, the US, and Asia targeted admin accounts, stealing device configurations and credentials from compromised FortiGate devices.

The vulnerabilities affect devices with FortiCloud SSO enabled, which automatically activates when administrators register through the GUI. Federal agencies must patch by December 23 or stop using affected products. Organizations can temporarily disable FortiCloud login while implementing patches across multiple Fortinet product versions.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

VS Code Configs Expose GitHub Codespaces to Supply Chain Attacks

Feb 5, 2026

Two US Cybersecurity Pros Plead Guilty Over Ransomware Attacks

Jan 2, 2026

Cybercriminals Use LiveChat Platform for Real-Time Phishing Scams

Mar 17, 2026

Microsoft Takes Down RedVDS Cybercrime Service That Stole Millions

Jan 15, 2026