Critical Fortinet vulnerabilities CVE-2025-59718 and CVE-2025-59719 exploited in the wild


A recently disclosed pair of vulnerabilities affecting Fortinet devices, CVE-2025-59718 and CVE-2025-59719, is drawing urgent attention after confirmation that they are being actively exploited in the wild. Both carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication with a crafted SAML message and gain administrative access to the device.

Current information indicates that the two CVEs share the same root cause and differ only in the products affected: CVE-2025-59719 covers FortiWeb, while CVE-2025-59718 covers FortiOS, FortiProxy, and FortiSwitchManager. The vulnerable FortiCloud SSO feature is disabled in factory settings, but it is enabled automatically when a device is registered with FortiCare through the GUI unless an administrator explicitly opts out; a device registered that way is therefore exposed even though nobody deliberately turned the feature on.
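As an added example that is not part of the Rapid7 post or of Fortinet's advisory, the following Python script audits FortiOS configuration backups for the FortiCloud SSO administrator-login switch, so a fleet can be checked for the exposure described above while patches are rolled out. It assumes that FortiOS stores this switch under "config system global" as "set admin-forticloud-sso-login enable|disable"; that key name is an assumption to verify against the CLI reference for your release. The three backups embedded in the script are constructed samples, not real devices.

```python
"""Audit FortiOS configuration backups for the FortiCloud SSO admin-login switch.

Assumption (not confirmed by the article): FortiOS keeps the FortiCloud SSO
administrator-login switch in the 'config system global' stanza as
'set admin-forticloud-sso-login {enable|disable}'. Verify the exact key against
the CLI reference for your FortiOS release before relying on this audit.
"""
import shlex

SSO_KEY = "admin-forticloud-sso-login"  # assumed key name, see module docstring

# Constructed sample backups (not real devices). A FortiOS backup normally omits
# settings that are still at their factory default, so "absent" is a real state.
SAMPLE_CONFIGS = {
    "fw-branch-01": """\
#config-version=FGT60F-7.4.3-FW-build2573-240201:opmode=0:vdom=0:user=admin
config system global
    set admin-forticloud-sso-login enable
    set hostname "fw-branch-01"
end
config system interface
    edit "port1"
        set ip 192.0.2.1 255.255.255.0
    next
end
""",
    "fw-dc-02": """\
config system global
    set hostname "fw-dc-02"
    set admin-forticloud-sso-login disable
end
""",
    "fw-lab-03": """\
config system global
    set hostname "fw-lab-03"
end
""",
}


def global_settings(config_text: str) -> dict[str, str]:
    """Return the 'set' key/value pairs found inside 'config system global'.

    Tracks config/edit nesting so a same-named key inside another stanza
    is ignored, which a plain grep over the backup would not do.
    """
    settings: dict[str, str] = {}
    stack: list[str] = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("config "):
            stack.append(line[len("config "):])
        elif line.startswith("edit "):
            stack.append("edit " + line[len("edit "):])
        elif line in ("end", "next"):
            if stack:
                stack.pop()
        elif line.startswith("set ") and stack == ["system global"]:
            parts = shlex.split(line[len("set "):])  # handles quoted values
            if parts:
                settings[parts[0]] = " ".join(parts[1:])
    return settings


def forticloud_sso_state(config_text: str) -> str:
    """Classify a backup as 'enabled', 'disabled' or 'unset'.

    'unset' means the key is absent. Per Fortinet the factory default is
    disabled, but registering the device with FortiCare via the GUI turns the
    feature on, so an absent key in an older backup is not proof the device
    is safe today: confirm on the device itself.
    """
    value = global_settings(config_text).get(SSO_KEY)
    if value is None:
        return "unset"
    return "enabled" if value.lower() == "enable" else "disabled"


def audit(configs: dict[str, str]) -> dict[str, str]:
    """Map device name -> FortiCloud SSO state for a set of backups."""
    return {name: forticloud_sso_state(text) for name, text in configs.items()}


def exposed_devices(configs: dict[str, str]) -> list[str]:
    """Devices whose backup shows FortiCloud SSO explicitly enabled."""
    return sorted(name for name, state in audit(configs).items() if state == "enabled")


if __name__ == "__main__":
    for device, state in audit(SAMPLE_CONFIGS).items():
        print(f"{device:14} FortiCloud SSO admin login: {state}")
```

Run it as-is to see the three sample verdicts; in practice, feed it the files your backup job collects. Treat "unset" as inconclusive rather than safe: backups omit defaults, and a registration performed after the backup was taken may have enabled the feature, so confirm on the device with "show full-configuration system global". If the assumed key is right, the matching interim mitigation is "set admin-forticloud-sso-login disable" in the same stanza, but the authoritative fix is Fortinet's patched release.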

Source: Rapid7




Related:

  • 2024 Threat Landscape Statistics: Ransomware Activity, Vulnerability Exploits, and Attack Trends

    December 16, 2024

    In this blog, the global experts across our Rapid7 Labs and Managed Services teams share real-time vulnerability insights and threat intelligence so that our customers can anticipate and prevent breaches, pinpoint critical threats, and confidently take command of their attack surface. The Rapid7 Labs team has rounded up statistics and trends that caught their eye throughout ...

  • NotLockBit ransomware targets Apple users with advanced file-locking and data exfiltration

    December 15, 2024

    The recent discovery of macOS.NotLockBit suggests a shift in the landscape, as this newly identified malware, named after the notorious LockBit variant, could mark the beginning of more serious ransomware campaigns against Mac users. Ransomware targeting Mac devices tends to lack the necessary tools to truly lock files or exfiltrate data. The general perception has been ...

  • Cyber attack may affect personal information of thousands of Rhode Islanders

    December 13, 2024

    A massive cyberattack could impact the personal information of hundreds of thousands of Rhode Islanders after hackers targeted a state contractor that stores health and personal data. Governor Dan McKee announced that the personal information of thousands was compromised in a cybersecurity attack. Anyone who has ever received or applied for health coverage or human service ...

  • Six arrested in South Thailand for call centre scams and firearms

    December 13, 2024

    Police apprehended six people suspected of being involved in call centre scams and the illegal trade of firearms. The Cyber Crime Investigation Bureau (CCIB) announced the arrest on Tuesday, December 10, indicating possible connections between the suspects and insurgency financing in Thailand’s southern regions. The arrests took place on December 10 in Songkhla and Yala provinces ...

  • Maritime Cyber Priority 2024/25: Tackling a growing cybersecurity threat in an increasingly connected industry

    December 12, 2024

    The digitalization of the maritime industry is in full flow. Shipowners, ports, cargo owners and many other stakeholders throughout the value chain are increasingly utilizing connected digital technologies to make shipping greener, safer and more efficient. However, DNV’s new Maritime Cyber Priority report highlights that this also introduces new cybersecurity risks, which need to be managed ...

  • Careto is back: what’s new after 10 years of silence?

    December 12, 2024

    During the first week of October, Kaspersky took part in the 34th Virus Bulletin International Conference, one of the longest-running cybersecurity events. There, Kaspersky researchers delivered multiple presentations, and one of our talks focused on newly observed activities by the Careto threat actor, which is also known as “The Mask”. The Mask APT is a legendary ...