Active exploitation of vulnerabilities in multiple Fortinet products

2:45pm, 28 January 2026

TLP Rating: Clear

Two critical vulnerabilities affecting multiple Fortinet products are reported to be under active exploitation.

CVE-2025-59718 and CVE-2025-59719 are both improper verification of cryptographic signature flaws. An unauthenticated attacker can use them to bypass FortiCloud SSO login authentication by sending the device a crafted SAML response message.

The NCSC is aware of open-source reports that a small number of Fortinet customers have observed unexpected logon activity on their devices, in some cases on devices already running fully upgraded firmware. Fortinet is working to resolve this and has published mitigation advice in its PSIRT blog. The NCSC encourages organisations that use the affected products to review that advice even if they have already applied the latest patch.

The NCSC encourages organisations in New Zealand that use the affected products to review the advisory and apply the remediation as soon as possible. Affected organisations should also investigate whether these products have been accessed without authorisation or otherwise compromised.

What's happening

Systems affected

The following Fortinet products are affected:

  • FortiOS
    • 7.0.0 through 7.0.17
    • 7.2.0 through 7.2.11
    • 7.4.0 through 7.4.8
    • 7.6.0 through 7.6.3
  • FortiProxy
    • 7.0.0 through 7.0.21
    • 7.2.0 through 7.2.14
    • 7.4.0 through 7.4.10
    • 7.6.0 through 7.6.3
  • FortiSwitchManager
    • 7.0.0 through 7.0.5
    • 7.2.0 through 7.2.6
  • FortiWeb
    • 7.4.0 through 7.4.9
    • 7.6.0 through 7.6.4
    • 8.0.0

What to look for

How to tell if you're at risk

You are at risk if you run any of the Fortinet products listed above on a version within the affected ranges. The reported bypass is of the FortiCloud SSO login, so prioritise devices that use that login method. Because exploitation has been reported on upgraded devices, running a version outside the affected ranges does not on its own rule out earlier unauthorised access; check logon activity as well.
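As an added example (not part of the NCSC alert and not Fortinet tooling), the following Python encodes the affected version ranges listed above and checks an inventory of product/version strings against them. The inventory lines are constructed for illustration, and the "v7.4.8,build..." style of version string is an assumption about how a CLI version export might look; only the x.y.z part is compared, so adjust the regular expression if your export differs.

```python
"""Flag Fortinet devices whose product/version falls inside the affected
ranges listed in this alert. Added example, not NCSC or Fortinet code."""
import re

# Affected ranges copied from the alert; both ends are inclusive.
AFFECTED = {
    "FortiOS": [("7.0.0", "7.0.17"), ("7.2.0", "7.2.11"),
                ("7.4.0", "7.4.8"), ("7.6.0", "7.6.3")],
    "FortiProxy": [("7.0.0", "7.0.21"), ("7.2.0", "7.2.14"),
                   ("7.4.0", "7.4.10"), ("7.6.0", "7.6.3")],
    "FortiSwitchManager": [("7.0.0", "7.0.5"), ("7.2.0", "7.2.6")],
    "FortiWeb": [("7.4.0", "7.4.9"), ("7.6.0", "7.6.4"), ("8.0.0", "8.0.0")],
}

# Matches a bare '7.4.8' or an assumed CLI form such as 'v7.4.8,build1234'.
VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) as ints; raise if no x.y.z is present."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(n) for n in m.groups())


def is_affected(product, version_text):
    """True if the version lies in any affected range for that product."""
    ranges = AFFECTED.get(product)
    if ranges is None:
        raise ValueError(f"{product!r} is not one of {sorted(AFFECTED)}")
    v = parse_version(version_text)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in ranges)


def triage(inventory_lines):
    """Parse 'hostname,product,version' lines and return a list of
    (host, product, version, affected). The version field may itself
    contain commas (e.g. ',build1234'), so the split is limited to two.
    Malformed or unknown-product lines are skipped, not marked safe."""
    results = []
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(",", 2)]
        if len(parts) != 3:
            continue
        host, product, version = parts
        try:
            results.append((host, product, version, is_affected(product, version)))
        except ValueError:
            continue
    return results


# Constructed sample inventory; hostnames and build numbers are made up.
SAMPLE_INVENTORY = """\
# host,product,version
fw-edge-01,FortiOS,v7.4.8,build0001
fw-edge-02,FortiOS,v7.4.9,build0002
proxy-01,FortiProxy,7.0.21
waf-01,FortiWeb,8.0.0
waf-02,FortiWeb,8.0.1
swm-01,FortiSwitchManager,7.2.7
""".splitlines()


if __name__ == "__main__":
    for host, product, version, hit in triage(SAMPLE_INVENTORY):
        print(f"{'AFFECTED' if hit else 'ok      '} {host} {product} {version}")
```

A device that falls outside the listed ranges is only outside the affected set as published; given the reports of activity on already-upgraded devices, it should still be reviewed against Fortinet's mitigation advice and its logon history checked.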

What to do

Prevention

To prevent exploitation, upgrade the affected Fortinet products to the latest versions per the vendor advisory. Because unexpected logon activity has been reported on upgraded devices, also review Fortinet's mitigation advice and check the devices for unauthorised logons even after upgrading.

More information

Read more about this alert on the vendor website:
https://fortiguard.fortinet.com/psirt/FG-IR-25-647

Read Fortinet's mitigation advice:
https://fortiguard.fortinet.com/psirt/FG-IR-25-647

Read more about the two critical vulnerabilities:
CVE-2025-59718
CVE-2025-59719

If you require more information or further support, submit a report on our website:
Report an incident

If you need assistance using the tool, call us on 0800 114 115. Calling us is free within New Zealand. We’re open 7am to 7pm, Monday to Friday, and we’re closed on public holidays.