Serial number: AV25-821
Date: December 9, 2025
Updated: December 16, 2025
On December 9, 2025, Fortinet published security advisories to address vulnerabilities in multiple products including two critical vulnerabilities (CVE-2025-59718, CVE-2025-59719):
- FortiOS 7.6 – versions prior to 7.6.4
- FortiOS 7.4 – versions prior to 7.4.9
- FortiOS 7.2 – versions prior to 7.2.12
- FortiOS 7.0 – versions prior to 7.0.18
- FortiProxy 7.6 – versions prior to 7.6.4
- FortiProxy 7.4 – versions prior to 7.4.11
- FortiProxy 7.2 – versions prior to 7.2.15
- FortiProxy 7.0 – versions prior to 7.0.22
- FortiSwitchManager 7.2 – versions prior to 7.2.7
- FortiSwitchManager 7.0 – versions prior to 7.0.6
- FortiWeb 8.0 – versions prior to 8.0.1
- FortiWeb 7.6 – versions prior to 7.6.5
- FortiWeb 7.4 – versions prior to 7.4.10
The FortiCloud SSO Login Authentication feature must be enabled on the affected products for these vulnerabilities to be exploited.
Update 1
On December 16, 2025, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-59718 to their Known Exploited Vulnerabilities (KEV) Database.
Open-source reporting indicates that CVE-2025-59718 is being exploited.
The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.