Fortinet has issued an urgent security advisory regarding a critical vulnerability affecting its FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager product lines.
The security flaw, classified as an Improper Verification of Cryptographic Signature (CWE-347), could allow an unauthenticated attacker to bypass the FortiCloud Single Sign-On (SSO) login authentication.
The vulnerability stems from the device failing to properly verify the signatures on SAML messages received through the FortiCloud SSO login flow. An attacker who can reach the login interface could craft a SAML message that passes the flawed check and obtain administrative access to the device without valid credentials.
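As an added illustration of the bug class, not Fortinet's code and not a reconstruction of the Fortinet flaw (the advisory does not describe its internals), the following Python validator shows the checks a SAML service provider has to make before it trusts an assertion: that a signature is present at all, that the signature's Reference actually covers the element whose contents are consumed, that there is exactly one assertion with unique IDs, and that the signature value verifies against the pinned IdP key. HMAC-SHA256 and the standard library's C14N 2.0 are stand-ins for the RSA XML-DSig and exclusive canonicalization a real IdP uses; the element IDs, NameIDs and key are constructed for the demo.

```python
# Added illustration of SP-side checks for the CWE-347 class, not Fortinet code; the
# Fortinet-specific flaw is not described. HMAC-SHA256 stands in for RSA XML-DSig and
# stdlib C14N 2.0 for exclusive C14N 1.0; the structural checks are the same either way.
import base64
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
for _prefix, _uri in NS.items(): ET.register_namespace(_prefix, _uri)
SAML, DS = "{%s}" % NS["saml"], "{%s}" % NS["ds"]
IDP_KEY = b"demo-idp-key-not-for-production"  # stand-in for the pinned IdP public key

class SamlValidationError(Exception): pass

def _canonical_bytes(elem, enveloped_sig=None):
    # Serialize elem with its own enveloped ds:Signature removed, then canonicalize.
    clone = copy.deepcopy(elem)
    if enveloped_sig is not None:
        clone.remove(list(clone)[list(elem).index(enveloped_sig)])
    return ET.canonicalize(ET.tostring(clone, encoding="unicode"), strip_text=True).encode()

def sign_element(elem, key=IDP_KEY):
    """Demo IdP: enveloped signature whose single Reference points at elem's own ID."""
    mac = hmac.new(key, _canonical_bytes(elem), hashlib.sha256).digest()
    sig = ET.SubElement(elem, DS + "Signature")
    ET.SubElement(ET.SubElement(sig, DS + "SignedInfo"), DS + "Reference", URI="#" + elem.get("ID"))
    ET.SubElement(sig, DS + "SignatureValue").text = base64.b64encode(mac).decode()
    return elem

def _verify_enveloped_signature(signed_elem, sig, key):
    # The Reference must point at the element enclosing the signature: a signature
    # valid over some *other* element proves nothing about the data the SP acts on.
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    elem_id = signed_elem.get("ID")
    if not elem_id or len(refs) != 1 or refs[0].get("URI") != "#" + elem_id:
        raise SamlValidationError("Reference URI does not cover the signed element")
    given = sig.findtext("ds:SignatureValue", default="", namespaces=NS).strip().encode()
    mac = hmac.new(key, _canonical_bytes(signed_elem, sig), hashlib.sha256).digest()
    if not hmac.compare_digest(given, base64.b64encode(mac)):
        raise SamlValidationError("signature does not verify with the pinned IdP key")

def validate_saml_response(xml_bytes, key=IDP_KEY):
    """Return the authenticated NameID or raise; a missing signature is a hard failure."""
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise SamlValidationError("root element is not samlp:Response")
    ids = [e.get("ID") for e in root.iter() if e.get("ID") is not None]
    if len(ids) != len(set(ids)):
        raise SamlValidationError("duplicate ID attributes (possible signature wrapping)")
    assertions = root.findall(".//saml:Assertion", NS)
    if len(assertions) != 1 or assertions[0] not in list(root):
        raise SamlValidationError("expected exactly one Assertion as a direct child of Response")
    assertion = assertions[0]
    for candidate in (assertion, root):  # signature on the Assertion, else on the Response
        sigs = candidate.findall("ds:Signature", NS)
        if sigs:
            _verify_enveloped_signature(candidate, sigs[0], key)
            break
    else:
        raise SamlValidationError("no signature covers the Assertion")
    name_id = assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise SamlValidationError("Assertion carries no NameID")
    return name_id

def build_response(name_id, resp_id="_r1", assert_id="_a1"):  # constructed sample, not a captured message
    root = ET.Element("{%s}Response" % NS["samlp"], ID=resp_id)
    assertion = ET.SubElement(root, SAML + "Assertion", ID=assert_id)
    ET.SubElement(ET.SubElement(assertion, SAML + "Subject"), SAML + "NameID").text = name_id
    return root, assertion

def outcome(xml_bytes):
    try:
        return "accepted: " + validate_saml_response(xml_bytes)
    except (SamlValidationError, ET.ParseError) as exc:
        return "rejected: " + str(exc)

def demo():
    results = {}
    root, assertion = build_response("admin@example.com")
    sign_element(assertion)
    results["signed"] = outcome(ET.tostring(root))
    root, _ = build_response("admin@example.com")  # signature omitted entirely
    results["unsigned"] = outcome(ET.tostring(root))
    root, assertion = build_response("user@example.com")  # signed, then NameID edited
    sign_element(assertion)
    assertion.find("saml:Subject/saml:NameID", NS).text = "admin@example.com"
    results["tampered"] = outcome(ET.tostring(root))
    root, assertion = build_response("user@example.com")  # Reference aimed at another ID
    sign_element(assertion)
    assertion.find("ds:Signature/ds:SignedInfo/ds:Reference", NS).set("URI", "#_r1")
    results["misreferenced"] = outcome(ET.tostring(root))
    root, assertion = build_response("user@example.com")  # plus a smuggled unsigned assertion
    sign_element(assertion)
    root.insert(0, build_response("admin@example.com", "_r2", "_a2")[1])
    results["wrapped"] = outcome(ET.tostring(root))
    return results
```

Only the first of the five constructed responses is accepted. The other four each defeat a verifier that merely checks "is there a signature that verifies somewhere in this document": one carries no signature, one has a valid signature over content that was edited afterwards, one has a signature whose Reference points at a different element than the one being consumed, and one smuggles a second, unsigned assertion next to the legitimately signed one. In production the HMAC stand-in is replaced by an XML-DSig library verifying against the pinned IdP certificate, but the structural checks around it stay exactly as shown.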
The issue was discovered internally by Yonghui Han and Theo Leleu of the Fortinet Product Security team and disclosed publicly on December 9, 2025.
Although FortiCloud SSO login is off on a factory-default device, many deployed devices have it on without the administrator ever having chosen it.
When a device is registered to FortiCare through the graphical user interface (GUI), the "Allow administrative login using FortiCloud SSO" toggle is pre-enabled. Unless the administrator explicitly turns it off during registration, the device is exposed to this bypass as soon as registration completes.
Mitigation and Workarounds
Fortinet strongly advises customers to upgrade to the fixed versions listed below. Organizations that cannot patch immediately can remove the exposure in the meantime by disabling FortiCloud SSO administrative login, the same setting that the GUI registration flow turns on. Because that flow enables the setting silently, check the current setting on every registered device rather than assuming the factory default still applies, and confirm a device is on a fixed build before re-enabling the feature after an upgrade.
The following table outlines the vulnerable versions and the required upgrades to remediate the issue.
Product                   Affected versions          Remediation
FortiOS 7.6               7.6.0 through 7.6.3        Upgrade to 7.6.4 or above
FortiOS 7.4               7.4.0 through 7.4.8        Upgrade to 7.4.9 or above
FortiOS 7.2               7.2.0 through 7.2.11       Upgrade to 7.2.12 or above
FortiOS 7.0               7.0.0 through 7.0.17       Upgrade to 7.0.18 or above
FortiOS 6.4               Not affected               None
FortiProxy 7.6            7.6.0 through 7.6.3        Upgrade to 7.6.4 or above
FortiProxy 7.4            7.4.0 through 7.4.10       Upgrade to 7.4.11 or above
FortiProxy 7.2            7.2.0 through 7.2.14       Upgrade to 7.2.15 or above
FortiProxy 7.0            7.0.0 through 7.0.21       Upgrade to 7.0.22 or above
FortiSwitchManager 7.2    7.2.0 through 7.2.6        Upgrade to 7.2.7 or above
FortiSwitchManager 7.0    7.0.0 through 7.0.5        Upgrade to 7.0.6 or above
FortiWeb 8.0              8.0.0                      Upgrade to 8.0.1 or above
FortiWeb 7.6              7.6.0 through 7.6.4        Upgrade to 7.6.5 or above
FortiWeb 7.4              7.4.0 through 7.4.9        Upgrade to 7.4.10 or above
The post FortiOS, FortiWeb, and FortiProxy Vulnerability Lets Attackers Bypass FortiCloud SSO Authentication appeared first on Cyber Security News.