A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Clorox says certain business operations disrupted in cyber attack
August 14, 2023
Clorox said on Monday it had taken certain systems offline after unauthorized activity disrupted some business operations. It said it was implementing workarounds for certain offline operations in order to continue servicing its customers and had engaged third-party cybersecurity experts to support its investigation and recovery efforts. Read more… Source: MSN News
- Bangladesh Bank warns banks and financial institutions against cyber attacks
August 12, 2023
The Bangladesh Bank has issued out a comprehensive 11-point instruction in a situational alert, urging all banks and financial institutions to bolster their cyber defences. This move comes on the heels of a recent cyber threat targeting the country’s cyber sphere, with potential implications for critical state information infrastructure (CII), including banking, healthcare, and government operations. Read ...
- Russian and Chinese cyber attack on Foreign Office was kept secret from public
August 12, 2023
Hackers from Russia and China infiltrated the Foreign Office’s emails and internal messages without the public’s knowledge, it has been revealed. The major security breach meant cyber attackers were able to see the day-to-day business of the government department in 2021. The cyber attacks were enabled because a Foreign Office staff member ‘probably accidentally’ downloaded malware ...
- Connecticut city loses $6 million in multiple cyber attacks on public school district, manages to recoup half
August 11, 2023
The city of New Haven lost more than $6 million in multiple cyberattacks on its public school district earlier this summer and has so far managed to recoup about half of the money, officials announced Thursday. The thefts, which occurred in June and involved hackers impersonating the city’s chief operating officer and private vendors in emails, ...
- 5 arrested in Poland for running bulletproof hosting service for cybercrime gangs
August 11, 2023
This week, the Polish Central Cybercrime Bureau (Centralne Biuro Zwalczania Cyberprzestępczości) under the supervision of the Regional Prosecutor’s Office in Katowice (Prokuratura Regionalna w Katowicach) took action against LolekHosted.net, a bulletproof hosting service used by criminals to launch cyber-attacks across the world. Five of its administrators were arrested, and all of its servers seized, rendering LolekHosted.net ...
- Unknown actor targets power generator with DroxiDat and Cobalt Strike
August 10, 2023
Recently Kaspersky pushed a report about an interesting and common component of the cybercrime malware set – SystemBC. And, in much the same vein as the 2021 Darkside Colonial Pipeline incident, they found a new SystemBC variant deployed to a critical infrastructure target. This time, the proxy-capable backdoor was deployed alongside Cobalt Strike beacons in ...