A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- South Africa’s trade regulator ITAC hit by cyber attack
April 16, 2024
According to the organisation, the attack happened in January, leading to the exposure of the personal information of stakeholders. ITAC is an institution dedicated to promoting fair trade in South Africa in order to enhance economic growth and development. The site includes trade and tariff services as well as import and export control services. In a ...
- MGM files suit against FTC to block cyber attack investigation
April 16, 2024
MGM filed the suit yesterday (15 April) in Washington’s federal court against both the FTC and Lina M Khan as FTC chair. The suit refers to the large-scale cyber attack launched against MGM in September last year. MGM was forced to shut down certain systems across its US properties due to the attack. Access to MGM ...
- Best Practices for Deploying Secure and Resilient AI Systems
April 15, 2024
Deploying artificial intelligence (AI) systems securely requires careful setup and configuration that depends on the complexity of the AI system, the resources required (e.g., funding, technical expertise), and the infrastructure used (i.e., on premises, cloud, or hybrid). This report expands upon the ‘secure deployment’ and ‘secure operation and maintenance’ sections of the Guidelines for secure AI ...
- SteganoAmor campaign: TA558 mass-attacking companies and public institutions all around the world
April 15, 2024
Researchers from the Positive Technologies Expert Security Center discovered more than three hundred attacks worldwide, which they confidently attributed to the well-known TA558 group. As originally described by researchers at ProofPoint, TA558 is a relatively small financially motivated cybercrime group that has attacked hospitality and tourism organizations mainly in Latin America, but has also been identified ...
- Change Healthcare faces another ransomware threat – and it looks credible
April 12, 2024
For months, Change Healthcare has faced an immensely messy ransomware debacle that has left hundreds of pharmacies and medical practices across the United States unable to process claims. Now, thanks to an apparent dispute within the ransomware criminal ecosystem, it may have just become far messier still. In March, the ransomware group AlphV, which had claimed ...
- “Highly capable” hackers root corporate networks by exploiting Palo Alto Networks firewall 0-day
April 12, 2024
Highly capable hackers are rooting multiple corporate networks by exploiting a maximum-severity zero-day vulnerability in a firewall product from Palo Alto Networks, researchers said Friday. The vulnerability, which has been under active exploitation for at least two weeks now, allows the hackers with no authentication to execute malicious code with root privileges, the highest possible level ...