Fortinet Product Security Update Advisory
Overview
We have released security updates to fix vulnerabilities in Fortinet products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-59718
FortiOS version: 7.0.0 or later and 7.0.17 or earlier
FortiOS version: 7.2.0 or later and 7.2.11 or earlier
FortiOS version: 7.4.0 or later and 7.4.8 or earlier
FortiOS version: 7.6.0 or later and 7.6.3 or earlier
FortiProxy version: 7.0.0 or later and 7.0.21 or earlier
FortiProxy version: 7.2.0 or later and 7.2.14 or earlier
FortiProxy version: 7.4.0 or later and 7.4.10 or earlier
FortiProxy version: 7.6.0 or later and 7.6.3 or earlier
FortiSwitchManager version: 7.0.0 or later and 7.0.5 or earlier
FortiSwitchManager version: 7.2.0 or later and 7.2.6 or earlier
CVE-2025-59719
FortiWeb version: 7.4.0 or later and 7.4.9 or earlier
FortiWeb version: 7.6.0 or later and 7.6.4 or earlier
FortiWeb version: 8.0.0
Resolved Vulnerabilities
Authentication Bypass Vulnerability in FortiOS, FortiProxy, and FortiSwitchManager (CVE-2025-59718)
Authentication Bypass Vulnerability in FortiWeb (CVE-2025-59719)
Vulnerability Patches
Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the referenced site to update to a patched version.
CVE-2025-59718
FortiOS version: 7.0.18 and later
FortiOS version: 7.2.12 and later
FortiOS version: 7.4.9 and later
FortiOS version: 7.6.4 and later
FortiProxy version: 7.0.22 and later
FortiProxy version: 7.2.15 and later
FortiProxy version: 7.4.11 and later
FortiProxy version: 7.6.4 and later
FortiSwitchManager version: 7.0.6 and later
FortiSwitchManager version: 7.2.7 and later
CVE-2025-59719
FortiWeb version: 7.4.10 and later
FortiWeb version: 7.6.5 and later
FortiWeb version: 8.0.1 and later
References
[1] FortiCloud SSO Login Authentication Bypass on Multiple Fortinet Products
https://fortiguard.fortinet.com/psirt/FG-IR-25-647