CVE-2025-59718, a critical authentication bypass flaw that attackers exploited in December 2025 to compromise FortiGate appliances, appears to persist in newer, purportedly fixed releases of the underlying FortiOS.
According to Fortinet, CVE-2025-59718 had been fixed in FortiOS versions 7.6.4 or above, 7.4.9 or above, 7.2.12 or above, and 7.0.18 or above.
But on Tuesday, a Fortinet administrator posted on Reddit asking whether other enterprise admins had observed attackers logging in and creating new accounts on FortiGate firewalls that had already been upgraded to address CVE-2025-59718.
The Reddit user said that they spotted a malicious SSO login on one of their FortiGate appliances running on v7.4.9, and their SIEM caught a local admin account being…