A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- How to Recognize and Defend Against Malicious Insider Threats
June 12, 2024
Insider threats arise from careless users, users with compromised credentials, or users who seek to cause harm intentionally. The latter type of user—the malicious insider—can be the most daunting for security teams to manage. It requires them to analyze a user’s behavior and determine whether they have bad intentions. Although less frequent, malicious insiders are costly. ...
- Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups
June 11, 2024
Since 2022, Trend Micro researchers have been investigating numerous targeted attacks in the Asia-Pacific region that used the same ELF backdoor. Most vendors identify this backdoor as a variant of existing malware such as Gh0st RAT or Rekoobe. However, Trend Micro unearthed the truth: this backdoor is not merely a variant of existing malware, but is ...
- City of Helsinki’s suffers data breach
June 11, 2024
It remains unclear whether the perpetrator behind a massive data breach of the City of Helsinki has tried to benefit from the crime, according to the City. Detected in April, the hack resulted in the leak of tens of millions of files from the city’s internal network. The stolen files included the personal data of up ...
- Microsoft Security Bulletin Coverage for June 2024
June 11, 2024
Microsoft’s June 2024 Patch Tuesday has 49 vulnerabilities, 24 of which are Elevation of Privilege. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of June 2024 and has produced coverage for seven of the reported vulnerabilities. Read more… Source: Sonicwall Sign up for our Newsletter Related:
- QR code SQL injection and other vulnerabilities in a popular biometric terminal
June 11, 2024
Biometric scanners offer a unique way to resolve the conflict between security and usability. They help to identify a person by their unique biological characteristics – a fairly reliable process that does not require the user to exert any extra effort. Yet, biometric scanners, as any other tech, have their weaknesses. This article touches on biometric ...
- Singaporean businesses targeted by Akira ransomware
June 10, 2024
Akira – a ransomware hacker group -that extorted $42 million from over 250 organizations across North America, Europe, and Australia within a year, is now actively targeting businesses in Singapore, according to a joint advisory issued by Singaporean authorities. The Cyber Security Agency of Singapore (CSA), the Singapore Police Force, and the Personal Data Protection Commission ...