A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Clustering attacker behavior reveals hidden patterns
August 8, 2023
A collection of very specific behaviors, observed by Sophos X-Ops incident response analysts in the lead-up to four separate ransomware attacks in the first quarter of 2023, indicates an unexpected connection between the attacks. In the parlance of the Managed Detection and Response (MDR) team, the peculiarly similar details constitute a threat activity cluster that ...
- New cyberattack method: tracking typing remotely via keyboard sounds
August 7, 2023
A group of British cybersecurity researchers has figured out a novel new attack method: recording the sound a computer keyboard makes. The researcher took recordings using a nearby smartphone of typists and used it to train a sound classification model, achieving accuracies of 95% to suss out the actual keys pressed. They call this an acoustic side ...
- Ukraine-Linked Group Claims It Hacked Website Of Moscow Property Registration Bureau
August 7, 2023
A Ukraine-linked hacker group said on Telegram on August 7 that it had hacked the website of Moscow’s municipal property registration bureau (MosgorBTI) overnight, saying “the information about state officials, politicians, military, and special services officers who support the Ukraine war had been handed to Ukraine’s defense forces.” The MosgorBTI’s website has yet to comment on ...
- Cyberattack disrupted hospitals, health care in Pennsylvania, 4 other states
August 6, 2023
Hospitals and clinics in several states on Friday began the time-consuming process of recovering from a cyberattack that disrupted their computer systems, forcing some emergency rooms to shut down and ambulances to be diverted. Many primary care services at facilities run by Prospect Medical Holdings remained closed on Friday as security experts worked to determine the ...
- FBI Investigating Cyber Attack Affecting Connecticut Hospitals
August 4, 2023
“Prospect Medical Holdings Inc. recently experienced a data security incident that has disrupted our operations,” said Nina Kruse, ECHN’s vice president for communications and public affairs. “Upon learning of this, we took our systems offline to protect them and launched an investigation with the help of third-party cybersecurity specialists,” she said. The FBI’s field office in New ...
- CISA Releases Five Industrial Control Systems Advisories
August 3, 2023
CISA released five Industrial Control Systems (ICS) advisories on August 3, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-215-01 Mitsubishi Electric GOT2000 and GOT SIMPLE ICSA-23-215-02 Mitsubishi Electric GT and GOT Series Products Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency