* Last update: 10/12/2025
* Affected software:
  * FortiOS 7.0.0 through 7.6.3
  * FortiProxy 7.0.0 through 7.6.3
  * FortiSwitchManager 7.0.0 through 7.2.6
  * FortiWeb versions 8.0.0, 7.6.0 through 7.6.4, and 7.4.0 through 7.4.9
* Type:
  * Improper Access Control
* CVE/CVSS:
  * CVE-2025-59718: CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
  * CVE-2025-59719: CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
FortiGuard Labs: https://fortiguard.fortinet.com/psirt/FG-IR-25-647
CVE-2025-59718 and CVE-2025-59719 are two critical vulnerabilities related to improper verification of cryptographic signatures that affect FortiOS, FortiProxy, FortiSwitchManager and FortiWeb. Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to bypass FortiCloud SSO login authentication via a crafted SAML response message.
These vulnerabilities have a significant impact on confidentiality, integrity and availability of the affected systems.
CVE-2025-59718 is an improper verification of cryptographic signature vulnerability identified in versions of Fortinet FortiOS, FortiProxy and FortiSwitchManager. The vulnerability arises from improper verification of cryptographic signatures within SAML response messages used for FortiCloud Single Sign-On (SSO) authentication, allowing an unauthenticated attacker to craft a malicious SAML response that completely bypasses the authentication mechanism.
CVE-2025-59719 involves improper verification of cryptographic signatures in Fortinet FortiWeb. This vulnerability results from improper verification of cryptographic signatures within SAML response messages used in FortiCloud SSO authentication. Exploitation of this flaw could allow a remote attacker to bypass FortiCloud SSO login authentication via a crafted SAML response message.
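Both CVEs belong to the same class: a service provider that trusts a SAML response without correctly verifying its signature. The following is an added example, not code from the CCB advisory or from Fortinet, of the checks a SAML relying party must perform before accepting an assertion: exactly one assertion, the expected issuer, a signature present, an allow-listed algorithm, a signed reference that covers the assertion actually consumed, and only then the cryptographic check. The `verify_sig` callable and the sample XML are assumptions constructed for this example; in a real deployment the callable would be an XML-DSig library checking against the configured IdP certificate.

```python
import xml.etree.ElementTree as ET
from typing import Callable, Tuple

# Namespaces used by SAML 2.0 responses and XML Signature.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Only accept an explicitly allow-listed signature algorithm.
ALLOWED_SIG_ALGS = {"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"}


def validate_saml_response(xml_text: str, expected_issuer: str,
                           verify_sig: Callable[[ET.Element, ET.Element], bool]) -> Tuple[bool, str]:
    """Return (accepted, reason). Any failed check rejects the login."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return False, "malformed XML"
    if root.tag != "{%s}Response" % NS["samlp"]:
        return False, "not a samlp:Response"
    # Exactly one assertion anywhere in the document: extra or nested
    # assertions are the typical shape of signature-wrapping attempts.
    assertions = root.findall(".//saml:Assertion", NS)
    if len(assertions) != 1:
        return False, "expected exactly one Assertion"
    assertion = assertions[0]
    if assertion.findtext("saml:Issuer", default="", namespaces=NS).strip() != expected_issuer:
        return False, "issuer mismatch"
    sig = assertion.find("ds:Signature", NS)
    if sig is None:
        return False, "assertion is not signed"  # never accept unsigned assertions
    method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
    if method is None or method.get("Algorithm") not in ALLOWED_SIG_ALGS:
        return False, "signature algorithm not allowed"
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    # The signed reference must point at this assertion's ID, not some other element.
    if ref is None or ref.get("URI", "") != "#" + assertion.get("ID", ""):
        return False, "signature does not cover this assertion"
    # verify_sig: XML-DSig check against the configured IdP certificate (assumed helper).
    if not verify_sig(assertion, sig):
        return False, "signature verification failed"
    return True, "ok"


def sample_response(signed: bool, ref_id: str = "_a1") -> str:
    """Constructed sample data for testing; not a real FortiCloud message."""
    sig = ("<ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#'><ds:SignedInfo>"
           "<ds:SignatureMethod Algorithm='http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'/>"
           f"<ds:Reference URI='#{ref_id}'/></ds:SignedInfo>"
           "<ds:SignatureValue>AAA=</ds:SignatureValue></ds:Signature>") if signed else ""
    return ("<samlp:Response xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol' "
            "xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion'>"
            "<saml:Assertion ID='_a1'><saml:Issuer>https://idp.example</saml:Issuer>"
            f"{sig}<saml:Subject><saml:NameID>admin</saml:NameID></saml:Subject>"
            "</saml:Assertion></samlp:Response>")
```

The function returns the reason for rejection so that failed SSO attempts can be logged with enough detail to distinguish a misconfigured IdP from a tampered response.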
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/report-incident.
While patching appliances or software to the newest version or implementing specific mitigations may protect against future exploitation, it does not remediate historic compromise.
References
Bleepingcomputer: https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-forticloud-sso-login-auth-bypass-flaws/
Tenable: https://www.tenable.com/cve/CVE-2025-59718
Tenable: https://www.tenable.com/cve/CVE-2025-59719