好的,我现在需要帮用户总结这篇文章的内容,控制在100个字以内。首先,我得仔细阅读文章,抓住关键信息。 文章主要讲的是Fortinet修复了两个严重的认证绕过漏洞。这两个漏洞的CVE编号是CVE-2025-59718和CVE-2025-59719,CVSS评分高达9.1,属于高危漏洞。这些漏洞影响了多个产品,包括FortiOS、FortiWeb、FortiProxy和FortiSwitchManager,当FortiCloud SSO功能启用时就会受到影响。 接下来,文章提到这两个漏洞是因为加密签名验证不当导致的。攻击者可以利用伪造的SAML消息绕过认证。虽然FortiCloud SSO默认是关闭的,但如果管理员在注册设备时没有禁用相关选项,就会自动启用。 Fortinet建议用户在升级到不受影响的版本之前,暂时关闭FortiCloud SSO功能作为缓解措施。此外,文章还列出了受影响的具体版本以及对应的升级建议。 最后,文章提到这些漏洞是由Fortinet内部团队发现的,并且目前还没有证据表明这些漏洞已经被用于实际攻击中。 总结一下,我需要将这些关键点浓缩到100字以内。重点包括:修复了两个高危认证绕过漏洞(CVE编号),影响多个产品和版本,原因在于加密签名验证问题,攻击者可利用SAML消息绕过认证,默认情况下SSO关闭但可能被启用,建议升级或禁用SSO。 </think> Fortinet修复了两个严重认证绕过漏洞(CVE-2025-59718和CVE-2025-59719),影响 FortiOS、FortiWeb、FortiProxy 和 FortiSwitchManager 的 FortiCloud SSO 功能。攻击者可利用伪造 SAML 消息绕过认证,默认情况下 SSO 关闭但可能自动启用。建议升级或禁用 SSO 以缓解风险。 2025-12-10 22:4:38 Author: securityaffairs.com(查看原文) 阅读量:4 收藏
Fortinet fixed two critical authentication-bypass vulnerabilities
Pierluigi Paganini
December 10, 2025
Fortinet patched 18 flaws, including two authentication-bypass bugs affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager with FortiCloud SSO enabled.
Fortinet addressed 18 vulnerabilities, including two authentication-bypass flaws, tracked as CVE-2025-59718 and CVE-2025-59719 (CVSS score of 9.1), affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager when FortiCloud SSO is enabled.
Both vulnerabilities are improper verification of cryptographic signature issues.
An improper signature-verification flaw in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager lets an unauthenticated attacker bypass FortiCloud SSO login using a crafted SAML message, if the feature is enabled. FortiCloud SSO is disabled by default, but it activates automatically during FortiCare registration unless the admin disables the “Allow administrative login using FortiCloud SSO” toggle.
“Please note that the FortiCloud SSO login feature is not enabled in default factory settings. However, when an administrator registers the device to FortiCare from the device’s GUI, unless the administrator disables the toggle switch “Allow administrative login using FortiCloud SSO” in the registration page, FortiCloud SSO login is enabled upon registration.” reads the advisory.
The vendor recommends disabling the FortiCloud login feature (if enabled) until upgrading to a non-affected version, as a temporary mitigation.
Below are the impacted versions:
| Version | Affected | Solution |
|---|---|---|
| FortiOS 7.6 | 7.6.0 through 7.6.3 | Upgrade to 7.6.4 or above |
| FortiOS 7.4 | 7.4.0 through 7.4.8 | Upgrade to 7.4.9 or above |
| FortiOS 7.2 | 7.2.0 through 7.2.11 | Upgrade to 7.2.12 or above |
| FortiOS 7.0 | 7.0.0 through 7.0.17 | Upgrade to 7.0.18 or above |
| FortiOS 6.4 | Not affected | Not Applicable |
| FortiProxy 7.6 | 7.6.0 through 7.6.3 | Upgrade to 7.6.4 or above |
| FortiProxy 7.4 | 7.4.0 through 7.4.10 | Upgrade to 7.4.11 or above |
| FortiProxy 7.2 | 7.2.0 through 7.2.14 | Upgrade to 7.2.15 or above |
| FortiProxy 7.0 | 7.0.0 through 7.0.21 | Upgrade to 7.0.22 or above |
| FortiSwitchManager 7.2 | 7.2.0 through 7.2.6 | Upgrade to 7.2.7 or above |
| FortiSwitchManager 7.0 | 7.0.0 through 7.0.5 | Upgrade to 7.0.6 or above |
| FortiWeb 8.0 | 8.0.0 | Upgrade to 8.0.1 or above |
| FortiWeb 7.6 | 7.6.0 through 7.6.4 | Upgrade to 7.6.5 or above |
| FortiWeb 7.4 | 7.4.0 through 7.4.9 | Upgrade to 7.4.10 or above |
| FortiWeb 7.2 | Not affected | Not Applicable |
| FortiWeb 7.0 | Not affected | Not Applicable |
The vulnerabilities were internally discovered and reported by Yonghui Han and Theo Leleu of Fortinet Product Security team.
At this time, it is unclear if any of these vulnerabilities has been exploited in attacks in the wild.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, FortiOS)
如有侵权请联系:admin#unsafe.sh