News Own Your Online External Link Report it
News Own Your Online External Link
  1. Welcome to the National Cyber Security Centre
  2. Alerts
  3. Active exploitation of vulnerabilities in multiple Fortinet products

Active exploitation of vulnerabilities in multiple Fortinet products

This section contains time sensitive announcements about specific cyber threats, vulnerabilities and scams. Each alert has information you need to be aware of, and what actions to take to mitigate any risk to you or your organisation.

Subscribe to our updates to be notified as soon as we publish an alert.

11:00am, 18 December 2025

TLP Rating: Clear

Active exploitation of vulnerabilities in multiple Fortinet products

Two critical vulnerabilities affecting multiple Fortinet products are reported to be under active exploitation.

CVE-2025-59718 and CVE-2025-59719 involve improper verification of cryptographic signatures which an unauthenticated attacker could use to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

The NCSC encourages organisations in New Zealand that use the affected products to review the advisory and apply the remediation as soon as possible. We also urge affected organisations to investigate unauthorised access or compromise of the affected products.

What's happening

Systems affected

The following Fortinet products are affected:

  • FortiOS
    • 7.0.0 through 7.0.17
    • 7.2.0 through 7.2.11
    • 7.4.0 through 7.4.8
    • 7.6.0 through 7.6.3
  • FortiProxy
    • 7.0.0 through 7.0.21
    • 7.2.0 through 7.2.14
    • 7.4.0 through 7.4.10
    • 7.6.0 through 7.6.3
  • FortiSwitchManager
    •  7.0.0 through 7.0.5
    • 7.2.0 through 7.2.6
  • FortiWeb
    • 7.4.0 through 7.4.9
    • 7.6.0 through 7.6.4
    • 8.0.0

What to look for

How to tell if you're at risk

If you are running a Fortinet product within the version range listed above.

What to do

Prevention

To prevent exploitation, the affected Fortinet products need to be upgraded to the latest versions per the vendor advisory.

More information

Read more about this alert on the vendor website:
https://fortiguard.fortinet.com/psirt/FG-IR-25-647 External Link

Read more about the two critical vulnerabilities:
CVE-2025-59718 External Link
CVE-2025-59719 External Link

If you require more information or further support, submit a report on our website:
Report an incident

If you need assistance using the tool, call us on 0800 114 115. Calling us is free within New Zealand. We’re open 7am to 7pm, Monday to Friday, and we’re closed on public holidays.