Concise Cyber

FortiGate Firewalls Under Attack: Auth Bypass Vulnerability (CVE-2025-59718) Actively Exploited

Defenders are observing attackers actively exploiting an authentication bypass vulnerability affecting FortiGate firewalls. This critical flaw, tracked as CVE-2025-59718, allows unauthorized access to vulnerable systems.

The active exploitation of CVE-2025-59718 means that threat actors are successfully bypassing authentication mechanisms on FortiGate devices. This grants them a gateway into protected networks, potentially leading to further compromise and data breaches.

Understanding CVE-2025-59718

CVE-2025-59718 is described as an authentication bypass vulnerability. Such flaws are particularly dangerous as they undermine the fundamental security control of user authentication, which is designed to prevent unauthorized access. In the context of firewalls, an authentication bypass can allow an attacker to gain administrative control over the device without needing valid credentials.

FortiGate firewalls are widely deployed across enterprises for network security. The exploitation of this specific vulnerability therefore poses a significant risk to a broad range of organizations. Security teams are urged to prioritize addressing this issue due to its active exploitation.

Urgent Action for FortiGate Users

Given the active exploitation of CVE-2025-59718, users of FortiGate firewalls must take immediate action. Organizations should consult Fortinet’s official security advisories for specific indicators of compromise, mitigation steps, and patch availability.

Applying available patches and updates promptly is crucial to defend against these ongoing attacks. Additionally, network administrators should review their firewall configurations, implement strong access controls, and monitor for any unusual activity that might indicate a successful exploit.

Source: https://www.helpnetsecurity.com/2025/12/17/fortigate-vulnerability-cve-2025-59718-exploited/