kaman
Article Id 426944
Description

This article describes the expected upgrade prompt that appears when logging in to earlier firmware versions subject to the FortiCloud SSO Login authentication bypass critical vulnerability, e.g., FG-IR-25-647.

Scope


FortiGate v7.4.8 and earlier, FortiOS v7.6.3 and earlier.

Solution


After booting, FortiOS will check its build number against the PSIRT definitions for known critical vulnerabilities. In FortiOS v7.4 and later, this feature requires only firmware entitlement. See this article: Technical Tip: FortiOS GUI critical vulnerability warning message and licensing entitlement for vers....
If a known critical vulnerability is detected, FortiOS displays an upgrade prompt after FortiGate login, accompanied by a GUI warning that allows the administrator to upgrade or skip, as shown in the image below. This notifies the administrator of potential security risks and enables immediate mitigation.

[Image: FG_IR_25_647_upgrade_warning.png, the GUI upgrade prompt shown after login]
For further information on the vulnerability announcement FG-IR-25-647, refer to the PSIRT advisory: Multiple Fortinet Products' FortiCloud SSO Login Authentication Bypass.

To mitigate exposure to this vulnerability in affected versions, the FortiCloud SSO login feature should be temporarily disabled until the device is upgraded to a non-affected version, such as v7.4.9.

To disable the feature, log in to FortiGate, navigate to Settings, and disable the 'FortiCloud SSO' option (it may also appear as 'Allow administrative login using FortiCloud SSO', depending on firmware).

[Image: the 'FortiCloud SSO' option in the GUI Settings page]
Configure via CLI:

config system global
    set admin-forticloud-sso-login disable
end

This vulnerability affects only devices with FortiCloud SSO login enabled. Disabling the 'FortiCloud SSO' option mitigates risk until the device is upgraded to a fixed FortiOS version.
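The two conditions above (an affected firmware version and FortiCloud SSO login enabled) can be checked offline against a FortiGate configuration backup. The script below is an added example written for this article, not Fortinet code; it assumes the backup's '#config-version=' header carries the version as '<model>-<major>.<minor>.<patch>-FW-build...', applies the article's version statement literally, and uses a constructed sample backup. Because backups omit settings left at their default, an absent 'set admin-forticloud-sso-login' line is reported as needing a manual check rather than being assumed either way.

```python
import re

def version_affected(version):
    """True if (major, minor, patch) is in the ranges this article names:
    v7.4.8 and earlier, or v7.6.0 through v7.6.3 (applied literally)."""
    return version <= (7, 4, 8) or (7, 6, 0) <= version <= (7, 6, 3)

# Header format is an assumption: '#config-version=FGVM64-7.4.8-FW-build2795-...'
VERSION_RE = re.compile(r"^#config-version=\S+?-(\d+)\.(\d+)\.(\d+)-FW-build", re.M)
GLOBAL_RE = re.compile(r"^config system global\n(.*?)^end\s*$", re.M | re.S)
SSO_RE = re.compile(r"^\s*set admin-forticloud-sso-login (enable|disable)\s*$", re.M)

def parse_version(config_text):
    """Return (major, minor, patch) from the backup header, or None if absent."""
    m = VERSION_RE.search(config_text)
    return tuple(int(x) for x in m.groups()) if m else None

def sso_setting(config_text):
    """'enable' / 'disable' if set inside 'config system global', else None
    (line absent means the firmware default applies, which this article does not state)."""
    block = GLOBAL_RE.search(config_text)
    if not block:
        return None
    m = SSO_RE.search(block.group(1))
    return m.group(1) if m else None

def assess(config_text):
    """Combine the version and SSO checks into one exposure verdict."""
    version, sso = parse_version(config_text), sso_setting(config_text)
    if version is None:
        status = "unknown-version"
    elif not version_affected(version):
        status = "not-affected"
    elif sso == "disable":
        status = "mitigated-upgrade-still-required"   # workaround only, per the article
    elif sso == "enable":
        status = "exposed"
    else:
        status = "affected-version-check-sso-default"  # setting at default; verify in GUI/CLI
    return {"version": version, "sso": sso, "status": status}

# Constructed sample backup (not a real device): affected version, SSO login enabled.
SAMPLE_BACKUP = """\
#config-version=FGVM64-7.4.8-FW-build2795-250523:opmode=0:vdom=0:user=admin
config system global
    set admin-forticloud-sso-login enable
    set hostname "fw-lab"
end
config system interface
    edit "port1"
        set ip 10.0.0.1 255.255.255.0
    next
end
"""

if __name__ == "__main__":
    print(assess(SAMPLE_BACKUP))
```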

Notes:

  • The vulnerable-version check takes some time to run, so the warning generally does not appear immediately after boot.
  • The warning appears based on the firmware version. It will still display even if FortiCloud SSO login is successfully disabled.
  • Although this does not mitigate the vulnerability, the upgrade warning can be temporarily cleared using the command 'diagnose report-runner vuln-clean'. See this document: One-time upgrade prompt when a critical vulnerability is detected upon login.

Once the Security Rating report against the FortiGuard servers runs again (automatically every 4 hours), the banner will reappear as shown below:

[Image: report-vuln-banner.png, the vulnerability banner restored after the Security Rating report]