Fortinet FortiGate Under Active Attack Through SAML SSO Authentication Bypass Threat actors have begun to exploit two newly disclosed security flaws in Fortinet devices, less than a week after public disclosure. Cybersecurity company Arctic Wolf said it observed active intrusions involving malicious single sign-on (SSO) logins on appliances December 12, 2025. The attacks critical authentication bypasses (CVE-2025-59718 and CVE-2025-59719, CVSS scores: 9.8). Patches for the were released by last FortiOS, FortiWeb, FortiProxy, FortiSwitchManager. "These vulnerabilities allow unauthenticated bypass of login via crafted messages, if FortiCloud feature is enabled affected devices," Labs new bulletin. It's worth noting that while disabled default, automatically during FortiCare registration unless administrators explicitly turn off using "Allow administrative SS... https://thehackernews.com/2025/12/fortinet-fortigate-under-active-attack.html