A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- SugarGh0st RAT Used to Target American Artificial Intelligence Experts
May 16, 2024
Proofpoint recently identified a SugarGh0st RAT campaign targeting organizations in the United States involved in artificial intelligence efforts, including those in academia, private industry, and government service. Proofpoint tracks the cluster responsible for this activity as UNK_SweetSpecter. SugarGh0st RAT is a remote access trojan, and is a customized variant of Gh0stRAT, an older commodity trojan typically ...
- Another cyber-attack on Australian healthcare company
May 16, 2024
here’s been another large-scale ransomware data breach of an Australian company…this time at an e-script provider named Medi-Secure. Medi-Secure is a prescription exchange service, which offers electronic prescribing and dispensing of prescriptions. It’s not yet known how many data records have been accessed, but experts warn that many Australians might not even know their details were ...
- Notorious data leak site BreachForums seized by law enforcement
May 15, 2024
BreachForums—probably the largest dark web marketplace for stolen data to be leaked and sold—has been seized by law enforcement.Now, both the regular and the TOR domain of BreachForums are plastered with a message telling visitors the site is now under control of the FBI. Raidforums ran from early 2015 until February 2022. The first iteration of ...
- Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
May 15, 2024
Since mid-April 2024, Microsoft Threat Intelligence has observed the threat actor Storm-1811 misusing the client management tool Quick Assist to target users in social engineering attacks. Storm-1811 is a financially motivated cybercriminal group known to deploy Black Basta ransomware. The observed activity begins with impersonation through voice phishing (vishing), followed by delivery of malicious tools, including ...
- Man convicted following complex two year cybercrime investigation by Police Scotland
May 15, 2024
A 21-year-old man from West Dunbartonshire has been convicted of creating, selling and supporting an online computer system with the capability of bringing down websites. Detective Chief Inspector Andy Maclean, of Police Scotland’s Cybercrime Investigations Unit, said: “Tagore supplied a tool used by his customers to carry out Distributed Denial of Services (DDOS) attacks. These are ...
- Santander hit by data breach affecting customers and staff
May 14, 2024
Spanish bank Santander has said data managed by an external party was recently accessed without permission, affecting some of its clients and all of its current staff. “We recently became aware of an unauthorized access to a Santander database hosted by a third-party provider,” the bank said in a statement on Tuesday. Read more… Source: MSN News Sign up ...