A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Microsoft Threat Intelligence healthcare ransomware report highlights need for collective industry action
October 22, 2024
Healthcare organizations are an increasingly attractive target for threat actors. In a new Microsoft Threat Intelligence report, US healthcare at risk: strengthening resiliency against ransomware attacks, our researchers identified that ransomware continues to be among the most common and impactful cyberthreats targeting organizations. The report offers a holistic view of the healthcare threat landscape with a ...
- Data storage in spotlight of Italian security committee after Intesa breach
October 22, 2024
Italy’s influential parliamentary committee on security will hold a round of hearings on data storage following a major breach at the country’s biggest bank Intesa Sanpaolo, people familiar with the matter told Reuters on Tuesday. Intesa Sanpaolo is under investigation by prosecutors in the southern Italian city of Bari after it emerged that the accounts of ...
- Hong Kong: ‘Lack of care led to sports association data breach’
October 22, 2024
The Office of the Privacy Commissioner for Personal Data (PCPD) on Tuesday accused the South China Athletic Association (SCAA) of having inadequate policies and a lack of care, after a data breach affecting more than 72,300 members. An attack by a hacker in March resulted in a breach of members’ personal information, including ID card numbers, ...
- Stealer here, stealer there, stealers everywhere!
October 21, 2024
Information stealers, which are used to collect credentials to then sell them on the dark web or use in subsequent cyberattacks, are actively distributed by cybercriminals. Some of them are available through a monthly subscription model, thus attracting novice cybercriminals. According to Kaspersky Digital Footprint Intelligence, almost 10 million devices, both personal and corporate, were attacked ...
- Internet Archive attackers email support users: “Your data is now in the hands of some random guy”
October 21, 2024
Those who hacked the Internet Archive haven’t gone away. Users of the Internet Archive who have submitted helpdesk tickets are reporting replies to the tickets from the hackers themselves. Internet Archive, most known for its Wayback Machine, is a digital library that allows users to look at website snapshots from the past. It is often used ...
- Taiwan: Defense ministry confirms basic data leak
October 21, 2024
The Ministry of National Defense today confirmed a data leak of basic personal information about certain high-ranking officials in response to a report from Chinese-language media, but said it did not include any information about personal asset holdings. The China Times this morning published a report saying that personal data of people ranked colonel and above ...