A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Booking.com customers targeted by scam ‘confirmation’ emails
October 23, 2023
Travellers using the popular hotel website Booking.com are being warned not to fall for scam emails asking them to confirm their hotel payment, after a hack of Booking.com’s email system. In recent weeks the Observer has been contacted by a number of customers claiming that they had received scam emails from within the Booking.com system. ...
- Philippines’ cybersecurity failures exposed as hackers leak state secrets, people’s data
October 22, 2023
All it apparently took for one Philippine hacker to break into a government website was “Admin123” – a password that reflects what experts say is the authorities’ lax attitude towards cybersecurity that not only leaves millions of Filipinos vulnerable to identity theft but has exposed some of the country’s top military secrets. On October 3, ...
- Phony Corsair LinkedIn Listing Contains DarkGate Malware
October 21, 2023
You can never be too careful when surfing the web, even if you’re looking for a new job. Corsair is a prominent name in the gaming hardware and accessories market, and it stands to reason that it would be a hot destination for enthusiasts in the market for a new job. However, some nefarious parties are ...
- Europol: Ragnar Locker ransomware gang taken down by international police swoop
October 20, 2023
This week, law enforcement and judicial authorities from eleven countries delivered a major blow to one of the most dangerous ransomware operations of recent years. This action, coordinated at international level by Europol and Eurojust, targeted the Ragnar Locker ransomware group. The group were responsible for numerous high-profile attacks against critical infrastructure across the world. In ...
- Money-making scripts attack organizations
October 19, 2023
In April of this year, the FBI published an advisory on attacks targeting government, law enforcement, and non-profit organizations. Attackers download scripts onto victims’ devices, delivering several types of malware all at once. The main aim is to utilize company resources for mining, steal data using keyloggers, and gain backdoor access to systems. According to Kaspersky ...
- Crambus: New Campaign Targets Middle Eastern Government
October 19, 2023
The Iranian Crambus espionage group (aka OilRig, APT34) staged an eight-month-long intrusion against a government in the Middle East between February and September 2023. During the compromise, the attackers stole files and passwords and, in one case, installed a PowerShell backdoor (dubbed PowerExchange) that was used to monitor incoming mails sent from an Exchange Server ...