Fortinet Security Advisory (December 17th, 2025)

Ref# ADV2025_436 | Date: Dec 17th 2025

Fortinet published security advisories to address vulnerabilities in the following products on December 9, 2025. It is recommended that you take these necessary precautions by ensuring your products are always updated.

  • FortiOS 7.6 – versions prior to 7.6.4
  • FortiOS 7.4 – versions prior to 7.4.9
  • FortiOS 7.2 – versions prior to 7.2.12
  • FortiOS 7.0 – versions prior to 7.0.18
  • FortiProxy 7.6 – versions prior to 7.6.4
  • FortiProxy 7.4 – versions prior to 7.4.11
  • FortiProxy 7.2 – versions prior to 7.2.15
  • FortiProxy 7.0 – versions prior to 7.0.22
  • FortiSwitchManager 7.2 – versions prior to 7.2.7
  • FortiSwitchManager 7.0 – versions prior to 7.0.6
  • FortiWeb 8.0 – versions prior to 8.0.1
  • FortiWeb 7.6 – versions prior to 7.6.5
  • FortiWeb 7.4 – versions prior to 7.4.10

The FortiCloud SSO Login Authentication feature must be enabled on the affected products for these vulnerabilities to be exploited.

Update 1

On December 16, 2025, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-59718 to their Known Exploited Vulnerabilities (KEV) Database.

Open-source reporting indicates that CVE-2025-59718 is being exploited.

For more information on these updates, you can follow these URLs:

The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary.

 PDF Download: Fortinet Security Advisory Update 1

References