The authentication bypass vulnerabilities, CVE-2025-59718 and CVE-2025-59719, are in the Fortinet FortiOS operating system that runs FortiWeb, FortiProxy and FortiSwitchManager devices. If exploited, they could allow an unauthenticated attacker to bypass FortiCloud SSO login authentication, if that feature is enabled on the device.
For some admins, it could have been unknowingly turned on; when administrators register devices using the FortiCare product support portal, FortiCloud SSO is automatically enabled unless they disable the “Allow administrative login using FortiCloud SSO” setting on the registration page.
To avoid being affected by this vulnerability, admins should turn off the FortiCloud login feature, if enabled, then upgrade software to the latest version before re-enabling the function.
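Because the feature can be switched on during registration without the admin noticing, a quick audit of saved configuration backups shows which devices still have it enabled. The script below is an added example, not code from the article or from Fortinet; it assumes the toggle appears in the backup under `config system global` by its FortiOS CLI name `admin-forticloud-sso-login` (a name the article does not give), and that a backup omitting the setting is using the disabled default.

```python
import shlex

# FortiOS CLI name of the FortiCloud SSO admin-login toggle (not named in the article).
SETTING = "admin-forticloud-sso-login"

def global_settings(config_text):
    """Collect 'set' lines that sit directly inside 'config system global'."""
    stack, settings = [], {}
    for raw in config_text.splitlines():
        try:
            tokens = shlex.split(raw)
        except ValueError:          # unbalanced quote, e.g. a multi-line value
            continue
        if not tokens:
            continue
        word = tokens[0]
        if word == "config":
            stack.append(" ".join(tokens[1:]))
        elif word == "edit":
            stack.append("edit")
        elif word in ("end", "next") and stack:
            stack.pop()
        elif word == "set" and stack == ["system global"] and len(tokens) >= 3:
            settings[tokens[1]] = tokens[2]
    return settings

def forticloud_sso_enabled(config_text):
    # Assumption: a backup that omits the setting is using the default, "disable".
    return global_settings(config_text).get(SETTING, "disable") == "enable"

# Constructed sample backups (not taken from a real device).
EXPOSED = """\
config system global
    set hostname "fw-branch-01"
    set admin-forticloud-sso-login enable
end
"""
HARDENED = """\
config system global
    set hostname "fw-branch-02"
    set admin-forticloud-sso-login disable
end
config system admin
    edit "admin"
        set comments "admin-forticloud-sso-login enable"
    next
end
"""

if __name__ == "__main__":
    for name, text in (("EXPOSED", EXPOSED), ("HARDENED", HARDENED)):
        print(name, "FortiCloud SSO admin login enabled:", forticloud_sso_enabled(text))
```

The parser tracks block nesting, so the same string appearing in another section (such as the admin comment in the second sample) is not mistaken for the global setting.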



