The FortiBleed credential leak event exposed VPN usernames, passwords, and configuration files from approximately 74,000 FortiGate SSL-VPN devices via exploitation of CVE-2025-59718, an authentication bypass rated CVSS 9.1. A symlink persistence technique documented in Fortinet PSIRT advisory FG-IR-25-934 means adversaries may retain file-system read access even on devices that have since been patched with a firmware update; full remediation requires both patching and explicit artifact removal.