Fortinet has issued an urgent security advisory regarding a critical vulnerability affecting its FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager product lines.
The security flaw, identified as an Improper Verification of Cryptographic Signature (CWE-347), could allow an unauthenticated attacker to bypass the FortiCloud Single Sign-On (SSO) login authentication.
The vulnerability stems from the device’s failure to verify signatures within SAML messages properly. If exploited, a threat actor could craft a specific SAML message to gain unauthorized administrative access to the device.
The issue was discovered internally by Yonghui Han and Theo Leleu of the Fortinet Product Security team and disclosed publicly on December 9, 2025.
While the FortiCloud SSO login feature is not enabled by default, it poses a significant risk in deployed environments.
When an administrator registers a device to FortiCare using the graphical user interface (GUI), the “Allow administrative login using FortiCloud SSO” toggle is enabled by default. Unless the administrator explicitly disables this switch during registration, the device becomes vulnerable to this bypass immediately.
Mitigation and Workarounds
Fortinet strongly advises customers to upgrade to the latest versions listed below. However, for organizations that cannot patch immediately, a temporary workaround is available. Administrators can mitigate the risk by disabling the FortiCloud login feature.
The following table outlines the vulnerable versions and the required upgrades to remediate the issue.
| Product | Affected Versions | Remediation |
|---|---|---|
| FortiOS 7.6 | 7.6.0 through 7.6.3 | Upgrade to 7.6.4 or above |
| FortiOS 7.4 | 7.4.0 through 7.4.8 | Upgrade to 7.4.9 or above |
| FortiOS 7.2 | 7.2.0 through 7.2.11 | Upgrade to 7.2.12 or above |
| FortiOS 7.0 | 7.0.0 through 7.0.17 | Upgrade to 7.0.18 or above |
| FortiOS 6.4 | Not affected | None |
| FortiProxy 7.6 | 7.6.0 through 7.6.3 | Upgrade to 7.6.4 or above |
| FortiProxy 7.4 | 7.4.0 through 7.4.10 | Upgrade to 7.4.11 or above |
| FortiProxy 7.2 | 7.2.0 through 7.2.14 | Upgrade to 7.2.15 or above |
| FortiProxy 7.0 | 7.0.0 through 7.0.21 | Upgrade to 7.0.22 or above |
| FortiSwitchManager 7.2 | 7.2.0 through 7.2.6 | Upgrade to 7.2.7 or above |
| FortiSwitchManager 7.0 | 7.0.0 through 7.0.5 | Upgrade to 7.0.6 or above |
| FortiWeb 8.0 | 8.0.0 | Upgrade to 8.0.1 or above |
| FortiWeb 7.6 | 7.6.0 through 7.6.4 | Upgrade to 7.6.5 or above |
| FortiWeb 7.4 | 7.4.0 through 7.4.9 | Upgrade to 7.4.10 or above |
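As an added example, not part of the advisory or any Fortinet tooling, the checker below encodes the table above and assesses a constructed device inventory; the hostnames and the per-device "SSO toggle enabled" flag are assumed values, and versions are compared numerically so that 7.4.10 correctly sorts after 7.4.9.

```python
"""Added example, not from the advisory or Fortinet: check a device inventory
against the affected-version table above and flag exposed devices."""

# Affected ranges copied from the advisory table:
# (product, branch) -> (first affected, last affected, first fixed)
AFFECTED = {
    ("FortiOS", "7.6"): ("7.6.0", "7.6.3", "7.6.4"),
    ("FortiOS", "7.4"): ("7.4.0", "7.4.8", "7.4.9"),
    ("FortiOS", "7.2"): ("7.2.0", "7.2.11", "7.2.12"),
    ("FortiOS", "7.0"): ("7.0.0", "7.0.17", "7.0.18"),
    ("FortiProxy", "7.6"): ("7.6.0", "7.6.3", "7.6.4"),
    ("FortiProxy", "7.4"): ("7.4.0", "7.4.10", "7.4.11"),
    ("FortiProxy", "7.2"): ("7.2.0", "7.2.14", "7.2.15"),
    ("FortiProxy", "7.0"): ("7.0.0", "7.0.21", "7.0.22"),
    ("FortiSwitchManager", "7.2"): ("7.2.0", "7.2.6", "7.2.7"),
    ("FortiSwitchManager", "7.0"): ("7.0.0", "7.0.5", "7.0.6"),
    ("FortiWeb", "8.0"): ("8.0.0", "8.0.0", "8.0.1"),
    ("FortiWeb", "7.6"): ("7.6.0", "7.6.4", "7.6.5"),
    ("FortiWeb", "7.4"): ("7.4.0", "7.4.9", "7.4.10"),
}

def parse(version):
    """'7.4.8' -> (7, 4, 8) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in version.split("."))

def assess(product, version, sso_enabled):
    """Return (status, remediation). Branch = major.minor; a branch missing
    from the table (e.g. FortiOS 6.4) is treated as not affected."""
    major, minor, *_ = parse(version)
    entry = AFFECTED.get((product, f"{major}.{minor}"))
    if entry is None:
        return "not_affected", None
    first, last, fixed = entry
    if parse(first) <= parse(version) <= parse(last):
        # Exposed only when the FortiCloud SSO login toggle is on; with it off
        # the workaround applies but the upgrade is still required.
        status = "exposed" if sso_enabled else "workaround_applied"
        return status, f"upgrade to {fixed} or above"
    return "patched", None

# Constructed inventory for demonstration (hostnames and flags are made up).
INVENTORY = [
    ("fw-edge-1", "FortiOS", "7.4.8", True),
    ("fw-edge-2", "FortiOS", "7.4.9", True),
    ("fw-legacy", "FortiOS", "6.4.15", True),
    ("waf-1", "FortiWeb", "8.0.0", False),
]

def report(inventory=INVENTORY):
    """Map each hostname to its (status, remediation) pair."""
    return {host: assess(p, v, sso) for host, p, v, sso in inventory}
```

Devices reported as "workaround_applied" are covered by the temporary mitigation only and still need the listed upgrade.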