A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Northern Ireland: Police Ombudsman sorry for ‘distressing’ data leak as investigation is launched
September 1, 2024
An investigation has been launched after a data breach led to the details of current and former Police Ombudsman staff members being accidently released. The Police Ombudsman (PONI) has apologised for the data leak incident involving 160 current and former staff. A document containing some of their personal details was “inadvertently released” to 22 people who ...
- Misconfigurations in Microsoft Exchange open new doors to email spoofing attacks
September 1, 2024
A new report from the Acronis Threat Research Unit has uncovered a vulnerability in Microsoft Exchange Online settings that could enable email spoofing attacks. This issue primarily affects users with a hybrid configuration of on-premises Exchange and Exchange Online, and those utilizing third-party email security solutions. In July 2023, Microsoft introduced a major change in how ...
- A million airport parking customers affected in huge data breach
August 31, 2024
A million Park’N Fly customers have had their sensitive data stolen after the company suffered a cyberattack. The news was confirmed in a data breach notification letter sent out by the company, which noted the threat actors accessed the company’s IT infrastructure in July 2024 using stolen VPN credentials. The crooks stole people’s full names, email ...
- Cyber security in critical industries: challenges, solutions, and the road ahead
August 30, 2024
In an era of rapid digital transformation, cyber security has emerged as a paramount concern, particularly for critical industries such as energy, healthcare, and transportation. As we approach the IET’s Cyber Security for Critical Industries 2024 conference, it is essential to delve into the latest cyber security challenges and explore how building resilient and responsive ...
- North Korean threat actor Citrine Sleet exploiting Chromium zero-day
August 30, 2024
On August 19, 2024, Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium, now identified as CVE-2024-7971, to gain remote code execution (RCE). Microsoft researchers assess with high confidence that the observed exploitation of CVE-2024-7971 can be attributed to a North Korean threat actor targeting the cryptocurrency sector for financial gain. Microsoft ...
- Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence
August 30, 2024
Trend Micro observed a new attack vector of weaponization for the vulnerability CVE-2023-22527 using the Godzilla backdoor. Following initial exploitation, a loader was loaded into the Atlassian victim server which loads a Godzilla webshell. On January 16, 2024, Atlassian released a security advisory for CVE-2023-22527, a vulnerability that affects Confluence Data Center and Confluence Server products. In ...