A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks
May 28, 2024
Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789), that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for its financial and cyberespionage objectives. Moonstone Sleet is observed to set up fake companies and job ...
- pcTattleTale spyware leaks database containing victim screenshots, gets website defaced
May 28, 2024
The idea behind the software is simple. When the spying party installs the stalkerware, they grant permission to record what happens on the targeted Android or Windows device. The observer can then log in on an online portal and activate recording, at which point a screen capture is taken on the target’s device. What goes around ...
- ABN Amro on alert as supplier hit by ransomware attack
May 28, 2024
ABN Amro is warning customers that their personal details may be at risk after a ransomware attack at one its supplier. The ransomware attack was inflicted on AddComm, which distributes documents and tokens physically and digitally to ABN Amro clients and employees. External cybersecurity experts are currently investigating exactly what data has been stolen at AddComm. Read ...
- Spying, hacking and intimidation: Israel’s nine-year ‘war’ on the ICC exposed
May 28, 2024
When the chief prosecutor of the International criminal court (ICC) announced he was seeking arrest warrants against Israeli and Hamas leaders, he issued a cryptic warning: “I insist that all attempts to impede, intimidate or improperly influence the officials of this court must cease immediately.” Now, an investigation by the Guardian and the Israeli-based magazines +972 ...
- Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks
May 27, 2024
Cybercriminals and Advanced Persistent Threat (APT) actors share a common interest in proxy anonymization layers and Virtual Private Network (VPN) nodes to hide traces of their presence and make detection of malicious activities more difficult. This shared interest results in malicious internet traffic blending financial and espionage motives. A prominent example of this includes a cybercriminal ...
- Threat landscape for industrial automation systems, Q1 2024
May 27, 2024
In the first quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.3 pp from the previous quarter to 24.4%. Compared to the first quarter of 2023, the percentage decreased by 1.3 pp. Building automation has historically led the surveyed industries in terms of the percentage of ICS computers ...