A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Health insurance firm Blue Shield data breach exposed data of over 4.7 million members
April 24, 2025
Health insurance firm Blue Shield has revealed a data breach has exposed protected health data of over 4.7 million members. The information was leaked to Google’s analytics and advertisement platforms following a misconfiguration of Google analytics on Blue Shield sites. “On February 11, 2025, Blue Shield discovered that, between April 2021 and January 2024, Google Analytics ...
- M&S: FTSE 100 giant battling cyber attack
April 22, 2025
M&S has revealed it has been battling what it has described as a “cyber incident” over the past few days. The FTSE 100 giant said that it’s made some “minor, temporary changes to our store operations to protect customers and the business” and “we are sorry for any inconvenience experienced.” M&S confirmed that it is working ...
- Critical RCE Vulnerability in Erlang/OTP SSH Server
April 22, 2025
Erlang has released updates to its OTP package to address a critical vulnerability in its Secure Shell (SSH) server. Erlang is an open-source programming language. OTP (Open Telecom Platform) is a set of Erlang libraries and middle-ware that can be used to develop applications. CVE-2025-32433 is a critical vulnerability with a CVSSv3 score of 10.0. If ...
- FOG Ransomware Spread by Cybercriminals Claiming Ties to DOGE
April 21, 2025
During trend Micro researchers monitoring of the ransomware threat landscape, they discovered samples with infection chain characteristics and payloads that can be attributed to FOG ransomware. A total of nine samples were uploaded to VirusTotal between March 27 and April 2, which the researchers recently discovered were multiple ransomware binaries with .flocked extension and readme.txt notes. ...
- Lumma Stealer – Tracking distribution channels
April 21, 2025
The evolution of Malware-as-a-Service (MaaS) has significantly lowered the barriers to entry for cybercriminals, with information stealers becoming one of the most commercially successful categories in this underground economy. Among these threats, Lumma Stealer has emerged as a particularly sophisticated player since its introduction in 2022 by the threat actor known as Lumma. Initially marketed as ...
- New Rust Botnet “RustoBot” is Routed via Routers
April 21, 2025
FortiGuard Labs recently discovered a new botnet propagating through TOTOLINK devices. Unlike previous malware targeting these devices, this variant is written in Rust—a programming language introduced by Mozilla in 2010. Due to its Rust-based implementation, we’ve named the malware “RustoBot.” In January and February of 2025, FortiGuard Labs observed a significant increase in alerts related to ...