A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Japan: Over 14 million login credentials leaked from six ISPs in major data breach
June 29, 2026
A data breach that has potentially exposed the email and password combinations for over 14 million customers across six internet service providers (ISPs) has been disclosed by Japanese telecoms provider KDDI Corporation. According to the company, hackers exploited a vulnerability in a third-party software to access the database of credentials. KDDI said that it immediately blocked ...
- Nissan says Oracle PeopleSoft break-in may have spilled payroll records, SSNs
June 29, 2026
Nissan has joined the growing list of Oracle customers cleaning up after a cyberattack, warning employees that payroll records, bank details, Social Security numbers, and other personal data may have been stolen. In a filing submitted to the California Attorney General on Friday, Nissan Americas said Oracle had informed it of “a cyber event” involving the personnel records ...
- Fake GTA VI beta keys are already draining cryptocurrency wallets worldwide
June 27, 2026
Grand Theft Auto VI is not due on consoles until November 19 2026, but official preorders open soon, and cybersecurity researchers have warned criminals are already exploiting the wait with a coordinated wave of fraudulent websites. Malwarebytes and NordVPN have both flagged sites promising “VIP early access” or exclusive beta keys to one of gaming’s most anticipated ...
- Russian Intelligence Services Continue to Target Commercial Messaging Applications
June 26, 2026
The FBI and CISA are issuing this update to the March 20, 2026, Public Service Announcement I-032026-PSA to provide additional information to the public and encourage device owners to take actions to protect themselves. The FBI has identified multiple clusters of Russian Intelligence Services (RIS) cyber threat actors responsible for an ongoing commercial messaging application (CMA) phishing campaign against individuals of high ...
- Russian hackers were behind $2.5B hack of Jaguar Land Rover
June 26, 2026
Last year, hackers attacked car giant Jaguar Land Rover (JPL), one of the U.K.’s biggest employers. The hack halted production for months and made a dent in the country’s economy. The damage was so severe that the U.K. government decided to bail out the company with a £1.5 billion (around $2 billion) payment, and estimates say the hack cost the British ...
- Beware of the license manager: how a Schneider Electric software vulnerability puts industrial facilities at risk
June 26, 2026
The CVE-2024-2658 vulnerability was discovered in 2024 within the FlexNet Publisher component of the Schneider Electric Floating License Manager. This software handles license management across various Schneider Electric products used for comprehensive industrial automation ranging from PLC programming to centralized control room implementation. This vulnerability is a CWE-427: Uncontrolled Search Path Element issue. It stems from a system ...