Critical Authentication Vulnerabilities in Fortinet FortiGate Actively Exploited

Fortinet FortiGate appliances are currently under active attack due to two critical authentication vulnerabilities, CVE-2025-59718 and CVE-2025-59719. According to a report by Arctic Wolf, malicious actors are exploiting these vulnerabilities to bypass authentication mechanisms and gain unauthorized access to affected devices. The intrusions were first detected on December 12, 2025, and involve malicious connections via Single Sign-On (SSO) protocols. Notably, these vulnerabilities were publicly disclosed less than a week before the first observed exploitations, indicating a rapid weaponization by threat actors. While specific technical details about the attack vectors and full impact are not provided in the initial report, the ability to bypass authentication poses a significant risk to organizations using FortiGate appliances. Cybersecurity professionals are advised to prioritize patching these vulnerabilities and monitor for any suspicious activity, particularly around SSO connections. The rapid exploitation of these vulnerabilities underscores the importance of timely patch management and continuous monitoring of network devices. Given the critical nature of these vulnerabilities, organizations should consider implementing additional security measures, such as network segmentation and multi-factor authentication, to mitigate potential risks while patches are being applied.