The National Computer Emergency Response Team (National CERT) has issued a critical warning about two serious security flaws in a cloud-based single sign-on system that could allow attackers to take full control of affected devices.
These flaws were found in Fortinet’s FortiCloud Single Sign-On (SSO) login system and affect several Fortinet products, including FortiOS, FortiProxy, FortiSwitchManager, and FortiWeb.
According to the advisory, the flaws allow attackers to bypass login protections without needing a username or password. This means an attacker could gain full control of affected systems from anywhere, posing a serious threat to organizational network security.
The vulnerabilities, identified as CVE-2025-59718 and CVE-2025-59719, have been given a severity score of 9.8, which is considered critical. National CERT said these flaws are easy to exploit, do not require user interaction, and do not need any prior access. If exploited, attackers could fully take over firewalls, internet gateways, network switches, and web security systems that are managed through FortiCloud SSO.
The advisory warned that such attacks could lead to unauthorized access to administrative accounts, takeover of systems, changes to security settings, exposure of sensitive network data and logs, and complete system compromise. Since FortiCloud SSO is widely used to manage multiple security devices from one place, a single successful attack could allow control over an entire network.
National CERT said systems running vulnerable software versions with FortiCloud SSO enabled for administrative access are at risk. Multiple versions of FortiOS, FortiProxy, FortiSwitchManager, and FortiWeb are affected, with all FortiWeb 8.0 builds fully impacted. Signs of a possible attack include unusual FortiCloud SSO login activity, unauthorized configuration changes, irregular audit logs, suspicious IP addresses accessing admin panels, and the creation of unknown administrator accounts.
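The indicators listed above can be checked mechanically against device event logs. The following is an added example, not code from National CERT or Fortinet: it parses key="value" event records and flags SSO admin logins from outside assumed management ranges, SSO logins by unknown administrators, and newly added administrator accounts. The log lines, field names, trusted ranges and known-admin list are all constructed assumptions, not the real FortiOS log format.

```python
import re

# Constructed sample records in a key="value" style (NOT real FortiOS output);
# field names such as method, cfgpath and cfgobj are assumptions for this demo.
SAMPLE_LOGS = """\
logdesc="Admin login successful" user="admin" method="forticloud-sso" srcip="203.0.113.7" action="login" status="success"
logdesc="Admin login successful" user="admin" method="https" srcip="10.0.0.5" action="login" status="success"
logdesc="Admin login successful" user="fc_svc" method="forticloud-sso" srcip="198.51.100.9" action="login" status="success"
logdesc="Object attribute configured" user="fc_svc" cfgpath="system.admin" cfgobj="backup_admin" action="Add" srcip="198.51.100.9"
logdesc="Object attribute configured" user="admin" cfgpath="firewall.policy" cfgobj="12" action="Edit" srcip="10.0.0.5"
"""

KNOWN_ADMINS = {"admin", "netops"}        # assumed: the administrators you provisioned
TRUSTED_NETS = ("10.", "192.168.")        # assumed: management networks admins log in from


def parse(line):
    """Turn one key="value" record into a dict; unquoted fields are ignored."""
    return dict(re.findall(r'(\w+)="([^"]*)"', line))


def triage(log_text):
    """Return (indicator, subject, detail) tuples for records matching the
    advisory's warning signs: odd SSO login activity and new admin accounts."""
    findings = []
    for raw in log_text.splitlines():
        ev = parse(raw)
        if not ev:
            continue
        src = ev.get("srcip", "")
        user = ev.get("user", "")
        # SSO logins: flag untrusted source networks and unprovisioned accounts.
        if ev.get("action") == "login" and ev.get("method") == "forticloud-sso":
            if not src.startswith(TRUSTED_NETS):
                findings.append(("sso_login_untrusted_src", user, src))
            if user not in KNOWN_ADMINS:
                findings.append(("sso_login_unknown_user", user, src))
        # Creation of an administrator object is always worth a second look.
        if ev.get("cfgpath") == "system.admin" and ev.get("action") == "Add":
            findings.append(("admin_account_created", ev.get("cfgobj", ""), user))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOGS):
        print(finding)
```

Any hit from an unknown user or an untrusted source that is followed by an admin-account addition, as in the constructed sample, is the pattern the advisory describes and should trigger the log review and credential reset steps below.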
Fortinet has released software updates to fix the issue. Fixed versions include FortiOS 7.0.18 and above, 7.2.2 and above, 7.4.9 and above, and 7.6.4 and above, along with matching updates for other affected products. Organizations that cannot install updates immediately have been advised to temporarily disable FortiCloud SSO login, though National CERT stressed this is not a permanent solution.
National CERT has urged all organizations to install the security updates as soon as possible. It also advised reviewing system logs for signs of unauthorized access, resetting administrator passwords, and strengthening access controls. Continuous monitoring, limiting administrator privileges, and requiring multi-factor authentication for administrators were highlighted as key measures to prevent system takeovers and large-scale network damage.