A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Data breach leaks a whopping 2.7 billion records inclusing smartphone and Wi-Fi info
February 16, 2025
A huge data breach has resulted in the leak of 2.7 billion records belonging to China’s Mars Hydro. The company is involved in indoor growing and hydroponics which is the process of growing plants without soil. The company offers LED grow lights, grow tents, and other products. Because many of the products it offers are controlled ...
- Security updates released for PostgreSQL
February 14, 2025
The PostgreSQL Global Development Group (also known as Postgres) has released an advisory to address a high severity vulnerability in PostgreSQL. PostgreSQL is a relational SQL database management system. CVE-2025-1094 is an ‘improper neutralisation of quoting syntax’ vulnerability with a CVSSv3 score of 8.1. If exploited, a remote unauthenticated attacker could achieve SQL injection via sending ...
- Zacks Investment hit in data breach – 12 million users potentially at risk
February 14, 2025
A report by BleepingComputer cites a thread posted on an underground hacking forum claiming to have breached Zacks in June 2024, gaining sensitive information on 12 million people, including names, usernames, email addresses, postal addresses, and phone numbers. The forum thread contained a small sample, and an offer for the entire batch in exchange for a ...
- Israel: Extortionists posed as women online, trapped victims with intimate photos
February 14, 2025
Two men were arrested on Thursday for operating a sophisticated sexual extortion network. According to the investigation, they posed as women on social media lured victims into sending intimate photos, and then threatened to expose the images unless they paid money. The prosecution stated: “They acted systematically, cynically exploiting their victims.” David Bracha, 26, from Rishon ...
- Active Exploitation of Critical Vulnerability Chain in SimpleHelp
February 14, 2025
SimpleHelp has released security updates to address one critical and two high severity vulnerabilities in SimpleHelp. SimpleHelp is a remote monitoring and management (RMM) tool that allows administrators and service desk technicians to provide remote support and monitor devices on the network. The three vulnerabilities can be used in an exploit chain, which could allow a ...
- China’s Salt Typhoon hackers continue to breach telecom firms despite US sanctions
February 13, 2025
Security researchers say the Chinese government-linked hacking group, Salt Typhoon, is continuing to compromise telecommunications providers, despite the recent sanctions imposed by the U.S. government on the group. In a report shared with TechCrunch, threat intelligence firm Recorded Future said it had observed Salt Typhoon — which the company tracks as “RedMike” — breaching five telecommunications ...