A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Maldives: Sun Siyam Resorts’ IT network hit with cyber attack
July 25, 2023
Sun Siyam Resorts IT network has been targeted by a hacking attack. The company’s management said its team was working diligently to resolve the issue promptly. The company asked for patience and support as it works to resolve the issue. Read more… Source: Sun Siyam News
- Norway government ministries hit by cyber attack
July 24, 2023
Norwegian authorities reported a cyber attack of unknown origin against 12 government ministries on Monday. “We have uncovered a previously unknown vulnerability in the software of one of our suppliers,” said Erik Hope, director of the Norwegian ministries’ security and service organisation, in a press statement. “This vulnerability has been exploited by an unknown actor. We ...
- Ivanti Patches Endpoint Manager Mobile CVE-2023-35078 Remote Unauthenticated API Access Vulnerability
July 24, 2023
A vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. This vulnerability impacts all supported versions – Version 11.4 releases 11.10, 11.9 and 11.8. Older versions/releases are also at risk. If exploited, this vulnerability enables an unauthorized, remote (internet-facing) actor to potentially access users’ personally identifiable information and make ...
- FortiGuard Labs Discovers Multiple Vulnerabilities in Microsoft Message Queuing Service
July 24, 2023
Over the last few months, FortiGuard Labs has discovered and reported multiple vulnerabilities found in the Microsoft Message Queuing (MSMQ) service. Microsoft patched these vulnerabilities in the April and July 2023 security updates. These patches are rated as critical/important, and as always, we urge users to install them as soon as possible. Read more… Source: Fortinet Labs
- Spyhide stalkerware is spying on tens of thousands of phones
July 24, 2023
A phone surveillance app called Spyhide is stealthily collecting private phone data from tens of thousands of Android devices around the world, new data shows. Spyhide is a widely used stalkerware (or spouseware) app that is planted on a victim’s phone, often by someone with knowledge of their passcode. The app is designed to stay hidden ...
- North Korea Leverages SaaS Provider in a Targeted Supply Chain Attack
July 24, 2023
In July 2023, Mandiant Consulting responded to a supply chain compromise affecting a US-based software solutions entity. Mandiant researchers believe the compromise ultimately began as a result of a sophisticated spear phishing campaign aimed at JumpCloud, a zero-trust directory platform service used for identity and access management. JumpCloud reported this unauthorized access impacted fewer than five ...