Cyberpress
Fortinet SSO Vulnerabilities Exploited for Admin Access on Firewalls
First seen 22 Jan 2026, 21:42 UTC
•


•86% similarity
•46.9
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
Fortinet's Single Sign-On (SSO) vulnerabilities, CVE-2025-59718 and CVE-2025-59719, are being actively exploited by attackers to gain unauthorized administrative access to FortiGate firewalls. These flaws allow unauthenticated attackers to bypass SSO authentication and create local admin accounts, affecting internet-exposed devices. Fortinet's PSIRT team is investigating multiple reports of these attacks.
ThreatCluster AI
Timeline
2025-12-09
Fortinet disclosed vulnerabilities CVE-2025-59718 and CVE-2025-59719
Recent
Attackers actively exploiting the vulnerabilities
Date unknown
Fortinet's PSIRT team initiated investigation