A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Russian crypto exchange Garantex seized by law enforcement operation
March 6, 2025
The U.S. Secret Service, working with a coalition of international law enforcement agencies, has taken down and seized the website of Garantex, a Russian cryptocurrency exchange accused of being associated with darknet markets and ransomware hackers. On Thursday, the official Garantex website was replaced with a notice saying the exchange’s domain has been seized by the ...
- Hacked health firm HCRG demanded journalist ‘take down’ data breach reporting, citing UK court order
March 6, 2025
A U.S.-based independent cybersecurity journalist has declined to comply with a U.K. court-ordered injunction that was sought following their reporting on a recent cyberattack at U.K. private healthcare giant HCRG. Law firm Pinsent Masons, which served the February 28 court order on behalf of HCRG, demanded that DataBreaches.net “take down” two articles that referenced the ransomware ...
- Unpacking a B2B Business Email Compromise (BEC) Scenario
March 5, 2025
When an organization is subject to a Business Email Compromise (BEC), a single email could result in substantial monetary losses. Threat actors employing such tactics could employ different techniques, ranging from simple to advanced, and have seen increased activities yearly. A recent investigation examined not a typical BEC scenario where a threat actor simply sends a ...
- Android zero-day vulnerabilities actively abused – update as soon as you can
March 5, 2025
Google has issued updates to fix 43 vulnerabilities in Android, including two zero-days that are being actively exploited in targeted attacks. The updates are available for Android 12, 12L, 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available ...
- US charges Chinese hackers who allegedly caused millions of dollars worth of damages
March 5, 2025
US prosecutors on Wednesday announced criminal charges against multiple Chinese nationals for allegedly hacking a range of US companies and municipalities for profit, causing millions of dollars’ worth of damage. Victims of the hackers include US-based critics of the Chinese government, Asian government foreign ministries, and US federal and state agencies, the Justice Department said. Some ...
- Critical Zero-day Vulnerabilities in VMware ESXi, Workstation, and Fusion
March 4, 2025
Broadcom has addressed three exploited vulnerabilities that, when chained, can allow an attacker to access the hypervisor through a running virtual machine. VMware’s official advisory does not include all affected product versions. VMware’s official advisory VMSA-2025-0004 includes a Response Matrix detailing the fixed releases for each product. VMware have also released an FAQ detailing the following: You are ...