A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- CVE-2024-30043: Abusing URL Parsing Confusion To Exploit XXE On Sharepoint Server And Cloud
May 30, 2024
Yes, the title is right. This blog covers an XML eXternal Entity (XXE) injection vulnerability that the author found in SharePoint. The bug was recently patched by Microsoft. In general, XXE vulnerabilities are not very exciting in terms of discovery and related technical aspects. They may sometimes be fun to exploit and exfiltrate data (or do ...
- Sing Us a Song You’re the Piano Scam
May 29, 2024
Proofpoint recently identified a cluster of activity conducting malicious email campaigns using piano-themed messages to lure people into advance fee fraud (AFF) scams. The campaigns have occurred since at least January 2024, and are ongoing. Most of the messages target students and faculty at colleges and universities in North America, however other targeting of industries including ...
- ‘People’s lives are at risk’: Ascension ransomware attack going on nearly three weeks
May 29, 2024
A ransomware attack on a major US hospital network that began three weeks ago is endangering patients’ health as nurses are forced to manually enter prescription information and work without electronic health records, nurses at two hospitals affected by the cyberattack told CNN. “It’s putting patients’ lives in danger,” said a nurse who works at Ascension ...
- Guidance on the 911 S5 Residential Proxy Service
May 29, 2024
The Federal Bureau of Investigation (FBI), Defense Criminal Investigative Services (DCIS), and Department of Commerce (DOC) are publishing this announcement to notify the public of the dismantlement of the 911 S5 residential proxy service and to help individuals and businesses better understand and guard against 911 S5 proxy service and botnet. 911 S5 began operating in ...
- Pakistani hackers target ‘Make in India’ defence programs
May 28, 2024
As per a report, three public sector defence equipment manufacturers as well as India’s security forces have been on the target of an espionage campaign run by a notorious Pakistani hacking group with suspected links to its military. Transparent Tribe, known as Advanced Persistent Threat (APT) 36 among cybersecurity professionals, has been targeting employees in defence ...
- Static Unpacking For The Widespread NSIS-Based Malicious Packer Family
May 28, 2024
Packers or crypters are widely used to protect malicious software from detection and static analysis. These auxiliary tools, through the use of compression and encryption algorithms, enable cybercriminals to prepare unique samples of malicious software for each campaign or even per victim, which complicates the work of antivirus software. In the case of certain packers, classifying ...