A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Modern Asian APT groups’ tactics, techniques and procedures (TTPs)
November 9, 2023
This report consists of six main sections – Incidents involving Asian APT groups in various regions of the planet Information on five unique incidents that Kaspersky researchers detected in different parts of the world. Each incident is a unique case within a specific country and industry, and they provide a description of the actions and TTPs ...
- Secretary General: Through NATO, we can build a secure cyberspace for all
November 9, 2023
The Secretary General emphasized that cyber is driving strategic competition and that authoritarian regimes, including China and Russia, are: “challenging our interests, our values and our security.” He said they are: “determined to shape the future of cyberspace in own image with little transparency and no regard for human rights.” At the Vilnius Summit this ...
- Threat Predictions for 2024: Chained AI and CaaS Operations Give Attackers More “Easy” Buttons Than Ever
November 9, 2023
With the growth of Cybercrime-as-a-Service (CaaS) operations and the advent of generative AI, threat actors have more “easy” buttons at their fingertips to assist with carrying out attacks than ever before. By relying on the growing capabilities in their respective toolboxes, adversaries will increase the sophistication of their activities. They’ll launch more targeted and stealthier hacks ...
- Law firm Allen & Overy hit by ‘data incident’
November 9, 2023
Allen & Overy has suffered a “data incident”, the London-founded law firm said on Thursday, after social media posts suggested it had been hacked by the Lockbit cybercrime gang. The attack, first reported by the Financial Times, comes after seven countries, including the U.S. and Britain, in June named Lockbit as the world’s top ransomware threat. Read ...
- OpenAI Blames ChatGPT’s Intermittent Outages On ‘Abnormal Traffic’ That Suggests Potential Cyber Attack
November 9, 2023
ChatGPT continued to face intermittent outages late Wednesday, which the platform’s maker OpenAI blamed on a potential cyberattack, hours after the AI chatbot platform recovered from a wide outage that the company initially attributed to a surge in interest for its new features. Early on Thursday, OpenAI’s service status page displayed a notification saying both ChatGPT ...
- SysAid warns customers to patch after ransomware gang caught exploiting new zero-day flaw
November 9, 2023
Software maker SysAid is warning customers that hackers linked to a notorious ransomware gang are exploiting a newly discovered vulnerability in its widely used IT service automation software. SysAid chief technology officer Sasha Shapirov confirmed in a blog post Wednesday that attackers are exploiting a zero-day flaw affecting its on-premises software. A vulnerability is considered a ...