Number: AL25-019
Date: December 15, 2025
Audience
This Alert is intended for IT professionals and managers.
Purpose
An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security ("Cyber Centre") is also available to provide additional assistance regarding the content of this Alert to recipients as requested.
Details
The Cyber Centre is aware of critical FortiCloud SSO Login Authentication Bypass vulnerabilities [1] affecting Fortinet products with this login feature enabled. Following the vendor advisory, the Cyber Centre issued AV25-821 [2] on December 9, 2025.
CVE-2025-59718 [3] and CVE-2025-59719 [4] describe an improper verification of cryptographic signature vulnerability (CWE-347) [5] that may allow an unauthenticated attacker to bypass FortiCloud SSO login authentication via a crafted SAML response message.
Suggested actions
The Cyber Centre recommends that organizations patch their Fortinet products to the following versions:
| Affected product | Affected version | Solution |
|---|---|---|
| FortiOS 7.6 | 7.6.0 through 7.6.3 | Upgrade to 7.6.4 or above |
| FortiOS 7.4 | 7.4.0 through 7.4.8 | Upgrade to 7.4.9 or above |
| FortiOS 7.2 | 7.2.0 through 7.2.11 | Upgrade to 7.2.12 or above |
| FortiOS 7.0 | 7.0.0 through 7.0.17 | Upgrade to 7.0.18 or above |
| FortiProxy 7.6 | 7.6.0 through 7.6.3 | Upgrade to 7.6.4 or above |
| FortiProxy 7.4 | 7.4.0 through 7.4.10 | Upgrade to 7.4.11 or above |
| FortiProxy 7.2 | 7.2.0 through 7.2.14 | Upgrade to 7.2.15 or above |
| FortiProxy 7.0 | 7.0.0 through 7.0.21 | Upgrade to 7.0.22 or above |
| FortiSwitchManager 7.2 | 7.2.0 through 7.2.6 | Upgrade to 7.2.7 or above |
| FortiSwitchManager 7.0 | 7.0.0 through 7.0.5 | Upgrade to 7.0.6 or above |
| FortiWeb 8.0 | 8.0.0 | Upgrade to 8.0.1 or above |
| FortiWeb 7.6 | 7.6.0 through 7.6.4 | Upgrade to 7.6.5 or above |
| FortiWeb 7.4 | 7.4.0 through 7.4.9 | Upgrade to 7.4.10 or above |
If patching is not possible at this time, the Cyber Centre strongly recommends that organizations follow Fortinet customer guidance for mitigation advice [1], which involves temporarily turning off the FortiCloud login feature (if enabled) until upgrading to a non-affected version.
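The table above and the interim mitigation are easy to misapply across a fleet because release numbers do not sort as strings ("7.4.10" sorts before "7.4.9"). The following triage helper is an added example, not part of this Alert or any Fortinet tooling: it copies the affected and fixed ranges from the table, compares builds numerically, and derives the action for each device, including the "turn off FortiCloud login" fallback for affected builds with the feature enabled. The inventory lines at the bottom (hostnames and builds) are constructed sample input.

```python
"""Version triage helper for the Fortinet FortiCloud SSO bypass alert (AL25-019).

Added example, not part of the Cyber Centre alert or any Fortinet tooling.
The affected/fixed ranges are copied from the alert's table; the inventory
lines at the bottom are constructed sample input. Versions must be given as
full major.minor.patch strings (e.g. "7.4.8").
"""
from dataclasses import dataclass
from typing import Optional

# (product, first affected, last affected, first fixed release) from the alert table.
AFFECTED_RANGES = [
    ("FortiOS", "7.6.0", "7.6.3", "7.6.4"),
    ("FortiOS", "7.4.0", "7.4.8", "7.4.9"),
    ("FortiOS", "7.2.0", "7.2.11", "7.2.12"),
    ("FortiOS", "7.0.0", "7.0.17", "7.0.18"),
    ("FortiProxy", "7.6.0", "7.6.3", "7.6.4"),
    ("FortiProxy", "7.4.0", "7.4.10", "7.4.11"),
    ("FortiProxy", "7.2.0", "7.2.14", "7.2.15"),
    ("FortiProxy", "7.0.0", "7.0.21", "7.0.22"),
    ("FortiSwitchManager", "7.2.0", "7.2.6", "7.2.7"),
    ("FortiSwitchManager", "7.0.0", "7.0.5", "7.0.6"),
    ("FortiWeb", "8.0.0", "8.0.0", "8.0.1"),
    ("FortiWeb", "7.6.0", "7.6.4", "7.6.5"),
    ("FortiWeb", "7.4.0", "7.4.9", "7.4.10"),
]


def parse_version(text: str) -> tuple:
    """'7.4.10' -> (7, 4, 10). Tuples compare numerically, unlike the raw
    strings, where '7.4.10' < '7.4.9'."""
    return tuple(int(part) for part in text.strip().split("."))


@dataclass
class Verdict:
    host: str
    product: str
    version: str
    status: str                 # "affected", "fixed" or "unlisted"
    upgrade_to: Optional[str]   # first fixed release when the build is affected
    action: str


def assess(host: str, product: str, version: str, sso_login_enabled: bool) -> Verdict:
    """Classify one build against the alert table and derive the recommended action."""
    ver = parse_version(version)
    for prod, lo, hi, fixed in AFFECTED_RANGES:
        if prod.lower() != product.lower() or ver[:2] != parse_version(lo)[:2]:
            continue  # different product or a different release branch
        if parse_version(lo) <= ver <= parse_version(hi):
            if sso_login_enabled:
                action = (f"upgrade to {fixed} or above now; if not possible, "
                          "temporarily turn off FortiCloud login until upgraded")
            else:
                action = f"upgrade to {fixed} or above (FortiCloud login currently disabled)"
            return Verdict(host, product, version, "affected", fixed, action)
        # Same branch but past the last affected build: already on a fixed release.
        return Verdict(host, product, version, "fixed", None, "no action for this alert")
    # Branch or product not in the alert table: report that rather than guessing.
    return Verdict(host, product, version, "unlisted", None,
                   "not covered by the alert table; check the vendor advisory")


def triage_inventory(csv_lines) -> list:
    """Run assess() over 'host,product,version,forticloud_sso_login' lines;
    blank lines and '#' comments are skipped."""
    verdicts = []
    for line in csv_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, product, version, sso = (field.strip() for field in line.split(","))
        verdicts.append(assess(host, product, version, sso.lower() == "enabled"))
    return verdicts


# Constructed sample inventory: hostnames and builds invented for this example.
SAMPLE_INVENTORY = """
# host,product,version,forticloud_sso_login
fw-edge-01,FortiOS,7.4.8,enabled
fw-edge-02,FortiOS,7.4.9,enabled
proxy-01,FortiProxy,7.2.14,disabled
waf-01,FortiWeb,8.0.0,enabled
fw-legacy,FortiOS,6.4.15,enabled
""".splitlines()

if __name__ == "__main__":
    for v in triage_inventory(SAMPLE_INVENTORY):
        print(f"{v.host:<12} {v.product:<12} {v.version:<8} {v.status:<9} {v.action}")
```

An "unlisted" verdict means only that the branch is not in this Alert's table; it is not a statement that the build is safe, so those devices should be checked against the vendor advisory directly.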
In addition, the Cyber Centre strongly recommends that organizations review and implement the Cyber Centre's Top 10 IT Security Actions [6], with an emphasis on the following topics:
- Patching operating systems and applications
- Segmenting and separating information
- Isolating web-facing applications
Should activity matching the content of this Alert be discovered, recipients are encouraged to report it via My Cyber Portal or by email to contact@cyber.gc.ca.