A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Luxembourg: Cybercriminals stole thousands from BIL customers using phishing scam
August 2, 2025
After cybercriminals stole thousands from BIL customers using a fake website, the banking association maintains that digital banking tools remain safe, but users must stay vigilant. In the wake of a sophisticated phishing scheme that led to major financial losses for dozens of BIL customers, The Luxembourg Banker’s Association (ABBL) is defending the security of the ...
- Ransomware attacks cripple government services across Dutch Caribbean islands
August 2, 2025
Several major government institutions across the Caribbean part of the Kingdom of the Netherlands were hit by cyberattacks last week, including a ransomware attack on Curaçao’s Tax and Customs Administration that temporarily disabled critical services, NOS reports. According to Curaçao’s Minister of Finance, ransomware was used in the attack on the tax authority. After the breach ...
- Arctic Wolf Observes July 2025 Uptick in Akira Ransomware Activity Targeting SonicWall SSL VPN
August 1, 2025
In late July 2025, Arctic Wolf observed an increase in ransomware activity targeting SonicWall firewall devices for initial access. In the intrusions reviewed, multiple pre-ransomware intrusions were observed within a short period of time, each involving VPN access through SonicWall SSL VPNs. While credential access through brute force, dictionary attacks, and credential stuffing have not yet ...
- Ransomware gangs are now expanding to physical threats in the real world
August 1, 2025
Ransomware gangs seem to be getting desperate when it comes to getting results, as besides encrypting and leaking data on the web, they’ve also started threatening CEOs with physical violence. Cybersecurity researchers Semperis claim over the past 12 months, in 40% of ransomware incidents, the CEOs of the affected company were also physically threatened – which ...
- Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats
July 31, 2025
Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been targeting embassies located in Moscow using an adversary-in-the-middle (AiTM) position to deploy their custom ApolloShadow malware. ApolloShadow has the capability to install a trusted root certificate to trick devices into trusting malicious actor-controlled sites, enabling ...
- Minnesota: St. Paul cyber attack sparks reflections, calls to action
July 31, 2025
The recent cyber attack in St. Paul has gained pretty much everyone’s attention in the government technology space. It didn’t hurt that Gov. Tim Walz deployed 13 members of the Minnesota National Guard’s Cyber Protection Unit to help fix the damage — reportedly the first time that unit has deployed inside the state in its eight ...