ACSC Warns of Critical Fortinet Vulnerabilities – Act Now

Australia’s Cyber Security Centre (ACSC) has issued a critical alert about two newly discovered security flaws in Fortinet network devices. These vulnerabilities (CVE‑2025‑59718 and CVE‑2025‑59719) involve a flaw in how Fortinet products verify login authentication. If exploited, an attacker could bypass Fortinet’s cloud-based single sign-on (SSO) login and gain unauthorised access to network devices. For organisations using Fortinet devices, this warning is an urgent call to review and update their systems.

Fortinet has identified that these issues impact several product lines, including FortiGate firewalls (running FortiOS), FortiProxy, FortiSwitchManager and FortiWeb. In short, many older versions of these products are at risk. Any organisation using Fortinet gear should urgently check whether they are running affected versions.

ACSC says organisations should act quickly so this issue does not cause harm.

Why Immediate Patching Matters

Organisations need to act on this vulnerability immediately, because cybercriminals frequently exploit unpatched systems to gain unauthorised access, steal sensitive data, or install malicious software (malware) within your organisation. Applying these patches proactively is a step in the right direction towards protecting your network systems.

The Risks of Unpatched Systems and How Protectera Can Help

If left unpatched, these types of vulnerabilities could lead to significant disruptions and financial losses for an organisation. At Protectera, we work with organisations as a trusted partner on their cybersecurity journey, helping them manage these types of risks before they happen. We perform fast scans of your network to identify older versions of Fortinet software and assist you with both the patching and the configuration change process. In addition, our comprehensive cyber risk assessment services and compliance offerings (including following the Essential Eight, or Cybersecurity Incident Response Management Plan guidelines) allow us to ensure not only that patches have been applied, but also that organisations are following the best security practice recommended by Australia’s Cyber Security Centre.

For example, Protectera can help your organisation implement and follow the recommended actions identified by the Australian Cyber Security Centre, including disabling all unnecessary services, applying the latest security updates to your systems, and actively monitoring your systems for signs of intrusion. We also work with executive teams and IT staff to strengthen your overall security stance, from network hardening to incident response planning. Our goal is to make sure your organisation is resilient even when new threats emerge.

Ready to get started? 

At Protectera, we guide businesses and boards in building strong cyber defences. Speak with our security consultants today to understand how to fortify your network and meet compliance requirements. Call us on 02 7227 5428 or book a free consultation. Also, do not forget to follow us on LinkedIn for more cybersecurity updates.