A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—is drawing urgent attention after confirmation of active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Source: Rapid7