A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Toyota confirms customer and employee data stolen, says breach at third party to blame
August 21, 2024
Last week, a cybercriminal using the handle ZeroSevenGroup dumped 240GB of data on the infamous stolen data site BreachForums, that they said came from a hack on the US branch of car manufacturer Toyota. ZeroSevenGroup claims the dump includes customer and employee data. Toyota told BleepingComputer that a breach at a third party had led to the ...
- Selling Ransomware Breaches: 4 Trends Spotted on the RAMP Forum
August 20, 2024
The sale and purchase of unauthorized access to compromised enterprise networks has become a linchpin for cybercriminal operations, particularly in facilitating ransomware attacks. Underground forums are sharing guidelines on breaching networks and selling the access they obtain, leaving the exploitation to other malicious actors. On underground criminal forums, these transactions allow actors with complementary skills to ...
- BVI Electricity Corporation suffers cyber attack
August 20, 2024
The BVI Electricity Corporation (BVIEC) announced on Monday, August 19, that it had fallen victim to a cyberattack. The power company stated that the attack has impacted both their internal and external operations. While the full details of the cyberattack have not been disclosed, BVIEC has assured the public that they are working closely with experts ...
- Ransomware attacks surge over 60% in UK and US
August 20, 2024
Malwarebytes’ 2024 State of Ransomware report published today (20 August) shows a surge in malicious activity on US and UK businesses. The “ThreatDown 2024 State of Ransomware” report reveals an alarming increase in ransomware attacks over the past year. In the US there has been a 63% increase in ransomware attacks on organisations and businesses, with ...
- Amsterdam municipality bans Telegram on work phones over security concerns
August 19, 2024
The municipality of Amsterdam has banned its civil servants from using the messaging app Telegram on their work phones due to concerns over criminal activity and potential espionage, local media reported on Monday. The ban, which was implemented at the end of April but only recently made public, is attributed to fears that Telegram could be ...
- Hacked GPS tracker reveals location data of customers
August 19, 2024
Stalkerware researcher maia arson crimew strikes again. Big time. We know maia as a researcher that loves to go after stalkerware peddlers, which Malwarebytes—as one of the founding members of the Coalition Against Stalkerware—loves to see. The investigation into Tracki, besides uncovering a tangled web of companies, dubious websites, and false identities, also led to a ...