Critical vulnerabilities in Fortinet CVE-2025-59718, CVE-2025-59719 exploited in the wild


A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.

Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.

Source: Rapid7

