A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Agri-Food Sector Under Increasing Threat From Cyber Attacks
September 20, 2024
As the agri-food sector increasingly embraces automation with GPS, robotic systems, cloud-connected devices, and AI-driven tools to boost efficiency and crop yields, cyber risks have been rapidly escalating. With ransomware attacks as the primary threat, the food and agriculture sector ranks as the seventh most targeted industry in the United States, just behind sectors like manufacturing ...
- -=TWELVE=- is back
September 20, 2024
In the spring of 2024, posts with real people’s personal data began appearing on the -=TWELVE=- Telegram channel. Soon it was blocked for falling foul of the Telegram terms of service. The group stayed off the radar for several months, but as Kaspersky researchers investigated a late June 2024 attack, they found that it employed techniques ...
- UNC1860 and the Temple of Oats: Iran’s Hidden Hand in Middle Eastern Networks
September 19, 2024
UNC1860 is a persistent and opportunistic Iranian state-sponsored threat actor that is likely affiliated with Iran’s Ministry of Intelligence and Security (MOIS). A key feature of UNC1860 is its collection of specialized tooling and passive backdoors that Mandiant believes supports several objectives, including its role as a probable initial access provider and its ability to gain ...
- Identifying Rogue AI
September 19, 2024
For many – certainly given the share price of some leading proponents – the hype of AI is starting to fade. But that may be about to change with the dawn of agentic AI. It promises to get humanity far closer to the ideal of AI as an autonomous technology capable of goal-oriented problem solving. But ...
- Zooming in on CVE‑2024‑7965
September 19, 2024
On August 21, Google released an update for Chrome, fixing a total of 37 security flaws. Researchers across the globe paid their attention to the CVE‑2024‑7965 vulnerability described as an inappropriate implementation in the browser’s V8 engine. The vulnerability can lead to remote code execution (RCE) in the Chrome renderer and thus become a starting point ...
- Indonesia’s tax agency probes alleged personal data breach
September 19, 2024
Indonesia’s tax agency is investigating an alleged data breach that exposes the taxpayer identification numbers of millions of Indonesians, including President Joko “Jokowi” Widodo, his ministers and his two sons, an official said. A series of cyber-attacks have hit Indonesian companies and government agencies in the past few years, which experts attribute to the government’s lax ...