A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework
June 19, 2024
In early April, Trend Micro researchers discovered that a new threat actor group (which they call Void Arachne) was targeting Chinese-speaking users. Void Arachne’s campaign involves the use of malicious MSI files that contain legitimate software installer files for artificial intelligence (AI) software as well as other popular software. The malicious Winos payloads are bundled alongside ...
- Unmasking Mac malware – strategies for a growing threat
June 18, 2024
In recent years, cybercriminal groups have been ramping up their efforts to find vulnerabilities and create malware that will exploit the iOS or macOS. Jamf’s latest annual threat landscape research tracked 300 malware families designed for macOS, and 21 newly created families in 2023. It’s not just the number of malware families that has risen, but ...
- Analysis of user password strength
June 18, 2024
The processing power of computers keeps growing, helping users to solve increasingly complex problems faster. A side effect is that passwords that were impossible to guess just a few years ago can be cracked by hackers within mere seconds in 2024. For example, the RTX 4090 GPU is capable of guessing an eight-character password consisting of ...
- Finland sees record number of data breach reports in 2023
June 18, 2024
A record high number of data breaches were reported to Finland’s Data Protection Ombudsman last year, according to a report by news group Uutissuomalainen. In total, the office received 6,900 data breach reports in 2023, an increase of 1,400 on the figure for 2022. Assistant Data Protection Ombudsman Heljä-Tuulia Pihamaa told Uutissuomalainen that the sharp rise ...
- Hackers are using fake Chrome, Word and OneDrive errors to trick people into installing malware
June 17, 2024
Proofpoint has observed an increase in a technique leveraging unique social engineering that directs users to copy and paste malicious PowerShell scripts to infect their computers with malware. Threat actors including initial access broker TA571 and at least one fake update activity set are using this method to deliver malware including DarkGate, Matanbuchus, NetSupport, and various ...
- Keytronic confirms data breach after Black Basta ransomware gang strikes again
June 17, 2024
Hardware firm Keytronic has confirmed a significant data breach weeks after the Black Basta ransomware group leaked over 500GB of the company’s stolen data around two weeks ago. The company, known for its printed circuit board assembly (PCBA), reported the cyberattack in an SEC filing over a month ago on May 6 – the attack was ...