FortiGate SAML SSO bypass attacks are live. See how AI-driven anomaly detection can spot malicious admin logins and config exports before damage spreads.

FortiGate SAML SSO Bypass: Detect Faster With AI
Fortinet customers are dealing with a high-pressure December reality: attackers are actively exploiting a SAML single sign-on (SSO) authentication bypass in FortiGate, and the window between disclosure and intrusion has been measured in days, not weeks. Arctic Wolf reported malicious SSO logins observed on December 12, 2025, targeting the admin account and followed by configuration exports—exactly the kind of “quiet, high-impact” move that can set up a bigger breach later.
Most companies get one thing wrong here: they treat “patch now” as the whole story. Patching is necessary. It’s also not sufficient—because exploitation tends to happen before your next maintenance window, during your change freeze, or while your team is understaffed for the holidays. This is where AI in cybersecurity earns its keep: not as magic, but as a practical way to spot abnormal SSO behavior, odd admin sessions, and suspicious configuration activity fast enough to matter.
This post breaks down what’s happening with the FortiGate SAML SSO bypass (CVE-2025-59718 and CVE-2025-59719), why it’s so exploitable in real environments, and how to use AI-driven threat detection and anomaly detection to catch the exploitation pattern early—especially when attackers go after management planes.
What’s happening with the FortiGate SAML SSO authentication bypass
Answer first: Attackers can bypass FortiGate SSO authentication using crafted SAML messages when FortiCloud SSO is enabled, then log in as admin and export configurations.
Two critical vulnerabilities, CVE-2025-59718 and CVE-2025-59719 (both reported with CVSS 9.8), allow an unauthenticated bypass of SSO login authentication via specially crafted SAML messages if the FortiCloud SSO feature is enabled on affected devices.
Here’s the operationally dangerous part: FortiCloud SSO is disabled by default, but it can become enabled as part of real-world workflows. The report notes it may be automatically enabled during FortiCare registration unless an admin explicitly disables “Allow administrative login using FortiCloud SSO.” That’s a classic enterprise footgun: a secure default that quietly flips during onboarding.
The attack chain defenders should assume
Answer first: The observed chain is bypass SSO → login as admin → export device configuration → reuse secrets and pivot.
Arctic Wolf observed a consistent pattern:
- Malicious SSO logins against FortiGate appliances
- Targeting the admin account
- Use of IPs tied to a small set of hosting providers
- Export of device configurations via the GUI to the same IPs
Configuration export is a big deal because firewall configs often contain:
- VPN settings (including pre-shared keys, group names, and routing intent)
- Identity integrations (SAML/LDAP/RADIUS details)
- Hashed credentials and API tokens
- Network topology clues (subnets, critical ACLs, exposed services)
Even if credentials are hashed, attackers routinely crack weak hashes offline. The result isn’t just one compromised firewall; it’s a potential shortcut into your identity plane and remote access.
Why CISA KEV inclusion changes the urgency
Answer first: KEV listing signals real exploitation and sets firm patch deadlines for government—and it should for you, too.
CISA added CVE-2025-59718 to the Known Exploited Vulnerabilities catalog and required U.S. federal agencies to patch by December 23, 2025. That’s not bureaucratic noise; it’s a strong indicator that exploitation is confirmed and spreading.
If you’re in the private sector, you don’t get a formal deadline—but attackers will happily enforce one.
Why SSO bypass hits harder than a “normal” firewall bug
Answer first: SSO bypass targets the management plane and identity trust path, letting attackers act as administrators without stealing passwords first.
Many vulnerability stories focus on remote code execution. This one is different in a way that’s arguably worse for many orgs: it attacks the authentication decision itself.
SSO is built on trust relationships:
- You trust the identity provider’s assertions.
- You trust the device’s validation of those assertions.
- You trust that “admin login via SSO” is controlled and monitored.
A SAML bypass undermines that trust chain. And because FortiGate often sits at the crossroads of remote access, segmentation, and VPN, management access becomes a high-leverage control point.
Here’s what I’ve seen repeatedly: teams have decent monitoring for endpoint malware and email threats, but far thinner telemetry around network appliance admin activity. Attackers know it.
The December problem: change freezes and thin staffing
Answer first: Exploitation spikes during periods when defenders patch slower and monitor less.
The timing matters. It’s Friday, December 19, 2025. A lot of orgs are dealing with:
- Reduced SOC coverage
- On-call-only network engineering
- Patch windows pushed into January
- “No changes during peak business” policies
That’s exactly when opportunistic campaigns do well. Arctic Wolf described the activity as early-stage and opportunistic—meaning it’s designed to scale.
Where AI-driven detection actually helps (and where it doesn’t)
Answer first: AI helps by spotting patterns humans miss at speed—especially abnormal SSO logins and configuration exports—but it can’t replace patching or access control.
AI in cybersecurity works best when the signal is behavioral:
- Who logged in
- From where
- How often
- What actions followed
- How that differs from baseline
This FortiGate exploitation produces exactly that kind of signal.
Detection pattern 1: “SSO admin login from the wrong kind of internet”
Answer first: Flag SSO-based admin logins from unfamiliar hosting networks or geographies, especially when the account is admin.
Traditional alerting might say “admin logged in” and stop there. AI-based anomaly detection can go further by learning what “normal admin access” looks like for your environment.
Useful features to model:
- Source ASN/hosting provider vs employee ISP
- Country/region variance compared to historical admin behavior
- Time-of-day anomalies (especially around holidays)
- First-seen device fingerprint / TLS client / browser profile
You don’t need perfect attribution. You need a fast “this doesn’t fit” verdict.
Detection pattern 2: “Login followed by configuration export”
Answer first: Treat configuration exports as high-risk events, especially when they occur soon after an admin session begins.
The reported behavior includes exporting configurations via the GUI. AI can correlate sequences that are individually noisy but collectively damning:
- admin SSO login
- New source IP
- Short session duration
- Config export action
- Outbound transfer to the same source
Sequence-based detection (sometimes framed as behavioral analytics) is where modern AI security analytics shines. Humans can reason about this chain, but humans don’t scale to thousands of devices and logs at 2 a.m.
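Pattern 1 (baseline scoring of a privileged login), pattern 2 (the login-then-export sequence) and the four hunt questions in step 4 of the response plan below reduce to the same logic, so one added example covers all three. This Python is written for this post and is not code from the original article, Arctic Wolf, or Fortinet. The log lines are constructed and only loosely modelled on the FortiOS key=value event format: the field names and values (`method="sso"`, `action="config-backup"`, `logdesc`), the IP-to-country/network-type table, the baseline and the weights are all assumptions for illustration, not a verified FortiOS schema or a tuned model.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events, loosely modelled on the FortiOS key=value event-log format.
# Field names and values (method="sso", action="config-backup", logdesc=...) are
# illustrative assumptions for this example, not a verified FortiOS log schema.
SAMPLE_LOGS = [
    'date=2025-12-11 time=09:12:41 type="event" subtype="system" logdesc="Admin login successful" user="netops" srcip=198.51.100.7 method="https" action="login" status="success"',
    'date=2025-12-11 time=09:40:02 type="event" subtype="system" logdesc="Object attribute configured" user="netops" srcip=198.51.100.7 action="edit" status="success"',
    'date=2025-12-12 time=03:14:07 type="event" subtype="system" logdesc="Admin login successful" user="admin" srcip=203.0.113.45 method="sso" action="login" status="success"',
    'date=2025-12-12 time=03:15:52 type="event" subtype="system" logdesc="Configuration backed up" user="admin" srcip=203.0.113.45 action="config-backup" status="success"',
    'date=2025-12-12 time=10:01:30 type="event" subtype="system" logdesc="Admin login successful" user="admin" srcip=198.51.100.7 method="https" action="login" status="success"',
]

# Constructed enrichment table standing in for a GeoIP/ASN lookup: ip -> (country, network type).
# 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges, not real infrastructure.
ENRICH = {
    "198.51.100.7": ("US", "corp"),
    "203.0.113.45": ("NL", "hosting"),
}

# Baseline of "normal admin access" for this environment (assumed values; learn them from history).
BASELINE = {
    "countries": {"US"},
    "known_ips": {"198.51.100.7"},
    "work_hours": range(7, 20),   # local hours in which admin work normally happens
}

EXPORT_WINDOW = timedelta(minutes=15)   # login -> config export this fast matches the observed chain

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_kv(line):
    """Parse a FortiOS-style 'key=value key2="quoted value"' line into a dict."""
    out = {}
    for m in KV_RE.finditer(line):
        out[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return out


def event_time(ev):
    return datetime.fromisoformat(f"{ev['date']}T{ev['time']}")


def score_login(ev):
    """Pattern 1: weight the features that put a privileged login outside baseline."""
    ip = ev.get("srcip", "")
    country, net_type = ENRICH.get(ip, ("??", "unknown"))
    score, reasons = 0, []

    def hit(points, why):
        nonlocal score
        score += points
        reasons.append(why)

    if ev.get("method") == "sso":
        hit(2, "SSO login to the management plane")
    if ev.get("user") == "admin":
        hit(1, "built-in admin account")
    if net_type == "hosting":
        hit(3, f"source {ip} is a hosting provider, not an ISP or corporate range")
    if country not in BASELINE["countries"]:
        hit(2, f"country {country} outside admin baseline")
    if ip not in BASELINE["known_ips"]:
        hit(2, "first-seen source IP")
    if event_time(ev).hour not in BASELINE["work_hours"]:
        hit(1, f"off-hours login at {ev['time']}")
    return score, reasons


def rank_sessions(lines):
    """Pattern 2: attach follow-on admin actions to the login that opened the session
    (same user and source IP) and add a large weight when a config export happens
    within EXPORT_WINDOW of the login. Returns sessions, most suspicious first."""
    events = sorted((parse_kv(line) for line in lines), key=event_time)
    sessions = []
    for ev in events:
        if ev.get("action") == "login" and ev.get("status") == "success":
            score, reasons = score_login(ev)
            sessions.append({"user": ev["user"], "srcip": ev["srcip"], "start": event_time(ev),
                             "score": score, "reasons": reasons, "actions": []})
            continue
        for s in reversed(sessions):           # most recent session for this user/IP
            if s["user"] == ev.get("user") and s["srcip"] == ev.get("srcip"):
                s["actions"].append(ev.get("action"))
                if ev.get("action") == "config-backup" and event_time(ev) - s["start"] <= EXPORT_WINDOW:
                    s["score"] += 4
                    s["reasons"].append("config export within %d minutes of login" % (EXPORT_WINDOW.seconds // 60))
                break
    return sorted(sessions, key=lambda s: s["score"], reverse=True)


if __name__ == "__main__":
    for s in rank_sessions(SAMPLE_LOGS):
        print(f"{s['score']:>3}  {s['user']}@{s['srcip']}  {s['start']:%Y-%m-%d %H:%M}  actions={s['actions']}")
        for r in s["reasons"]:
            print(f"       - {r}")
```

On the constructed input the 03:14 SSO login from the hosting range scores far above the two routine sessions because every feature fires at once and the export lands 105 seconds after login; the 10:01 admin login from the corporate range scores low despite being the same account. In a real deployment the baseline, enrichment and weights come from your own history and a GeoIP/ASN feed, and the ranking feeds the triage queue rather than paging on every admin login.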
Detection pattern 3: “Post-export blast radius forecasting”
Answer first: AI can prioritize what to rotate and inspect by inferring which secrets and integrations are most likely exposed.
If a configuration was exported, responders immediately face a messy question: what did the attacker get that matters most?
A mature AI-assisted workflow can:
- Parse configurations and identify secret-bearing fields
- Map identity integrations (SAML/LDAP/RADIUS) to critical apps
- Recommend a rotation order (VPN creds, API tokens, admin passwords, shared secrets)
- Generate a targeted hunt plan (devices, accounts, and paths to inspect)
This isn’t sci-fi. It’s the practical side of AI in security operations: speeding up the decisions that normally stall an incident response.
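As an added example of the first three steps in that workflow (and of the "minimum rotation set" in step 5 of the response plan below), the following Python walks an exported FortiOS-style configuration, lists the secret-bearing fields it finds, and orders them for rotation. It is written for this post and is not code from the original article or from Fortinet. The config text is constructed: object names, hosts and `ENC` values are placeholders, the `SECRET_FIELDS` table is an assumed and deliberately short catalogue of where FortiOS keeps secrets, and `admin-forticloud-sso-login` is the assumed CLI name of the "Allow administrative login using FortiCloud SSO" setting (verify against your FortiOS version).

```python
import shlex

# Constructed export, modelled on the FortiOS 'config / edit / set / next / end' nesting.
# Object names, hosts and ENC values are placeholders; 'admin-forticloud-sso-login' is the
# assumed name of the "Allow administrative login using FortiCloud SSO" setting.
SAMPLE_CONFIG = """\
config system global
    set hostname "fw-edge-01"
    set admin-forticloud-sso-login enable
end
config system admin
    edit "admin"
        set password ENC AAAAplaceholderhash==
        set trusthost1 0.0.0.0 0.0.0.0
    next
end
config vpn ipsec phase1-interface
    edit "site-b"
        set remote-gw 203.0.113.200
        set psksecret ENC AAAAplaceholderpsk==
    next
end
config user ldap
    edit "corp-ldap"
        set server "ldap.corp.example"
        set password ENC AAAAplaceholderbind==
    next
end
config user radius
    edit "corp-radius"
        set secret ENC AAAAplaceholderradius==
    next
end
"""

# (innermost config section, set key) -> (what the secret protects, rotation priority; 1 first).
# Assumed, non-exhaustive table: extend it for the sections your exports actually contain.
SECRET_FIELDS = {
    ("vpn ipsec phase1-interface", "psksecret"): ("IPsec pre-shared key", 1),
    ("system admin", "password"): ("firewall admin password", 2),
    ("user ldap", "password"): ("LDAP bind password", 3),
    ("user radius", "secret"): ("RADIUS shared secret", 3),
}


def parse_config(text):
    """Walk the config tree and return (section, object, key, values) for every 'set' line.
    The stack carries (section name, enclosing object) so nested config blocks restore
    the outer 'edit' context on 'end'."""
    stack, obj, settings = [], None, []
    for raw in text.splitlines():
        parts = shlex.split(raw)
        if not parts:
            continue
        cmd, args = parts[0], parts[1:]
        if cmd == "config":
            stack.append((" ".join(args), obj))
            obj = None
        elif cmd == "edit":
            obj = args[0]
        elif cmd == "next":
            obj = None
        elif cmd == "end":
            _, obj = stack.pop()
        elif cmd == "set":
            settings.append((stack[-1][0], obj, args[0], args[1:]))
    return settings


def rotation_plan(text):
    """Secret-bearing fields in the export, ordered by rotation priority then object name."""
    plan = []
    for section, obj, key, vals in parse_config(text):
        if (section, key) in SECRET_FIELDS:
            what, prio = SECRET_FIELDS[(section, key)]
            plan.append({"priority": prio, "object": obj, "secret": what,
                         # FortiOS stores these with an ENC prefix; once the file has left the
                         # device, treat the value as exposed regardless of that prefix.
                         "stored_encrypted": vals[:1] == ["ENC"]})
    return sorted(plan, key=lambda f: (f["priority"], f["object"]))


def exposure_findings(text):
    """Settings in the export that widen the blast radius (assumed setting names, see above)."""
    notes = []
    for section, obj, key, vals in parse_config(text):
        if section == "system global" and key == "admin-forticloud-sso-login" and vals == ["enable"]:
            notes.append("FortiCloud SSO admin login is enabled: disable it until the device is patched")
        if section == "system admin" and key.startswith("trusthost") and vals[:2] == ["0.0.0.0", "0.0.0.0"]:
            notes.append(f"admin {obj!r}: {key} permits any source address; restrict it to the admin subnet")
    return notes


if __name__ == "__main__":
    for f in rotation_plan(SAMPLE_CONFIG):
        print(f"P{f['priority']}  rotate {f['secret']} on {f['object']!r}")
    for n in exposure_findings(SAMPLE_CONFIG):
        print("!!", n)
```

The priority order encodes the post's argument: VPN pre-shared keys and the admin password give an attacker remote access and management control directly, so they rotate first; directory and RADIUS secrets follow because they open the identity plane. The two exposure checks are the same settings steps 2 and 3 of the response plan tell you to fix, read straight out of the exported file so the hunt plan and the hardening list come from one pass.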
A practical response plan: patching, mitigations, and AI monitoring
Answer first: Patch immediately, disable FortiCloud SSO until patched, restrict management access, then use AI monitoring to detect exploit patterns and confirm no config exfiltration occurred.
If you run FortiGate (or manage environments that do), here’s a response plan that’s realistic under time pressure.
1) Patch like exploitation is already underway
Answer first: Prioritize upgrades for FortiOS and related Fortinet products first, because exploitation began within a week of disclosure.
Fortinet released patches across products including FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. Don’t treat this as a normal quarterly update. The exploitation timeline says you won’t win by waiting.
If your organization requires risk sign-off for emergency changes, use the simplest framing:
- CVSS: 9.8
- Confirmed exploitation
- KEV catalog listing
- Observed config exfiltration behavior
2) Disable FortiCloud SSO until you’re updated
Answer first: If FortiCloud SSO isn’t essential, turn it off now and re-evaluate after patching.
Mitigation guidance from the reporting is clear: disable FortiCloud SSO until systems are updated. If it was enabled implicitly during registration, fix the setting explicitly and document it.
3) Lock down management plane access (no exceptions)
Answer first: Management interfaces should be reachable only from trusted internal networks or dedicated admin paths.
This is a non-negotiable hardening step:
- Restrict GUI/SSH management access to a dedicated admin subnet
- Require VPN + device posture for admin access
- Consider a separate out-of-band management network
- Enforce MFA where available (while recognizing this is an SSO-bypass scenario)
Even a perfect patch program can’t save you if the management plane is exposed and lightly monitored.
4) Use AI to hunt for the specific exploitation sequence
Answer first: Run an AI-assisted hunt for abnormal SSO admin logins and subsequent configuration exports in a tight time window.
A targeted hunt should answer four questions:
- Did any SSO login occur for privileged accounts that doesn’t match baseline?
- Did those sessions originate from hosting providers or first-seen IP ranges?
- Did any session perform configuration export or suspicious admin actions?
- Did outbound traffic patterns match potential exfiltration behavior?
AI helps by ranking “most suspicious” sessions first, so responders don’t waste hours sifting through benign admin work.
5) If you see IoCs, assume compromise and rotate secrets
Answer first: If configuration exfiltration is suspected, treat stored hashed credentials and secrets as exposed and rotate aggressively.
Arctic Wolf’s guidance is blunt for a reason: if configs left the device, the attacker can work offline. Your best move is to reduce the value of what they stole.
Minimum rotation set:
- Firewall admin credentials (and any shared local accounts)
- VPN credentials and pre-shared keys
- API tokens and automation accounts
- SSO integration secrets and certificates where applicable
“Could AI have stopped this Fortinet attack?” A realistic answer
Answer first: AI won’t stop an authentication bypass by itself, but it can shorten detection time from days to minutes—and that often prevents the second-stage breach.
AI doesn’t patch devices. AI doesn’t replace segmentation. But it’s very good at catching the shape of exploitation:
- abnormal privileged login
- unusual source infrastructure
- rapid high-value actions (like exporting configs)
That early warning is the difference between:
- “We patched and never knew we were hit,” and
- “We confirmed no config export occurred,” or
- “We contained quickly, rotated secrets, and prevented lateral movement.”
That’s the real promise of AI in cybersecurity: continuous security monitoring that’s fast enough to matter when attackers move first.
What to do next (especially before December 23)
If you’re running FortiGate, treat this week as a sprint:
- Patch affected Fortinet products immediately
- Disable FortiCloud SSO until patched
- Restrict management plane access to trusted paths
- Run an AI-assisted hunt for anomalous SSO admin logins and config export events
- If any evidence appears, assume compromise and rotate secrets tied to the exported configuration
If you’re evaluating AI-driven security monitoring, use this incident as your test case. Ask a blunt question: Could we detect an abnormal SSO admin login and a config export within 10 minutes—and confidently explain why it’s suspicious? If the answer is no, you’ve found a gap worth funding.