A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Onyx Sleet uses array of malware to gather intelligence for North Korea
July 25, 2024
On July 25, 2024, the United States Department of Justice (DOJ) indicted an individual linked to the North Korean threat actor that Microsoft tracks as Onyx Sleet. Microsoft Threat Intelligence collaborated with the Federal Bureau of Investigation (FBI) in tracking activity associated with Onyx Sleet. Microsoft will continue to closely monitor Onyx Sleet’s activity to assess ...
- Pentagon contractor Leidos hit by data breach Internal documents leaked on cybercrime forum
July 25, 2024
Hackers have reportedly leaked internal documents stolen from Leidos Holdings Inc., a company with a significant contract portfolio including the US Defense Department, Homeland Security, and NASA. A person with knowledge of the matter told Bloomberg News that the company believes the documents leaked by hackers were stolen during a previously disclosed breach at Diligent Corporation. ...
- Data breach exposes US spyware maker behind Windows, Mac, Android and Chromebook malware
July 25, 2024
A little-known spyware maker based in Minnesota has been hacked, TechCrunch has learned, revealing thousands of devices around the world under its stealthy remote surveillance. A person with knowledge of the breach provided TechCrunch with a cache of files taken from the company’s servers containing detailed device activity logs from the phones, tablets, and computers that ...
- Russian banking sector faced DDoS attack planned from abroad
July 24, 2024
The Russian banking sector was exposed to a DDoS attack planned from overseas, the VTB Bank press service told TASS. “The banking sector was exposed to the DDoS attack orchestrated from overseas. A minor share of VTB clients faced individual constraints in operations of bank apps due to the high load on the infrastructure of Internet ...
- Cyberattack closes Jefferson County Clerk’s Office, all motor vehicle branches
July 24, 2024
A cyber attack forced the Jefferson County Clerk’s Office to close its eight branches this week. The attack was first discovered at 2:24 a.m. Monday, said Ashley Tinius, a spokesperson for the office. The office has been working with a private cybersecurity firm and law enforcement to investigate the attack and repair its system, Tinius said. ...
- Telegram Zero-Day Let Hackers To Spread Malware Hidden in Videos
July 24, 2024
Cybersecurity researchers at ESET discovered a zero-day vulnerability that targeted the Telegram for Android app and sent malicious files disguised as videos through chats. The zero-day exploit, dubbed “EvilVideo,” allowed hackers to share Android payloads via Telegram channels, groups, and chats, and make them appear to be multimedia files. This exploit targeted only Android Telegram versions ...