A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Internet Archive data breach exposes more than 31 million user accounts
October 11, 2024
The Internet Archive, a popular digital library known for its Wayback Machine, was hacked and suffered a data breach that reportedly exposed 31 million user accounts. Founder Brewster Kahle confirmed in a post on the social media platform X that a cyberattack on Tuesday knocked the website offline. He also said that usernames, emails, and encrypted ...
- Nokia Report Highlights Surge in Cyber Attacks on Telecom Infrastructure
October 11, 2024
The latest findings from Nokia’s Threat Intelligence Report reveal an alarming increase in cybercriminal activity targeting telecom infrastructure, largely fueled by advances in Generative AI and automation. This escalation has significant implications for network security and operational reliability within the telecommunications sector. The report indicates that the frequency of distributed denial of service (DDoS) attacks has ...
- Digital arrests – the newest deepfake tool used by cybercriminals
October 11, 2024
An Indian textile baron has revealed that he was duped out of 70 million rupees ($833,000) by online scammers impersonating federal investigators and even the Supreme Court chief justice. The fraudsters posing as officers from India’s Central Bureau of Investigation (CBI) called SP Oswal, chairman and managing director of the textile manufacturer Vardhman, on August 28 ...
- Building cyber resilience key in securing future of Africa’s people
October 11, 2024
An average of 2 960 attacks: that is the number of cyber attacks to which the ordinary organisation in Africa is subjected each and every week. It is a staggering revelation and what makes it more worrying is that this is growing rapidly every year. This year’s figure is up 37% on the previous year, according ...
- Education under siege: How cybercriminals target our schools
October 10, 2024
Education is essentially an “industry of industries,” with K-12 and higher education enterprises handling data that could include health records, financial data, and other regulated information. At the same time, their facilities can host payment processing systems, networks that are used as internet service providers (ISPs), and other diverse infrastructure. The cyberthreats that Microsoft observes across ...
- Exploited Vulnerability in Multiple Fortinet Products
October 10, 2024
Fortinet has released a security advisory to address a critical vulnerability in the FortiOS fgfmd daemon. CVE-2024-23113 is a ‘use of externally-controlled format string’ vulnerability with a CVSSv3 score of 9.8. A remote unauthenticated attacker could send specially crafted requests to execute arbitrary code (ACE) or commands. Affected organisations are encouraged to review Fortinet PSIRT Advisory ...