A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Cyber attack targets Libyan internet provider LTT
July 13, 2023
The Libyan Post Telecommunications & Information Technology Company (LPTIC) said Wednesday that the data center of Libya Internet and Technology, the state-run internet provider, came under a cyber attack which led to disruption of services. In a statement, the LPTIC added that unknown attacker attempted to hack the data center but its cybersecurity team and LTT ...
- FortiGuard Labs Discovers Multiple Vulnerabilities in Adobe InDesign
July 13, 2023
This past March, Fortinet researcher Yonghui Han discovered and reported several zero-day vulnerabilities in Adobe InDesign to Adobe. And on Patch Tuesday, July 11, 2023, Adobe released their security patches to fix them. The vulnerabilities are identified as CVE-2023-29308, CVE-2023-29309, CVE-2023-29310, CVE-2023-29311, CVE-2023-29312, CVE-2023-29313, CVE-2023-29314, CVE-2023-29315, CVE-2023-29316, CVE-2023-29317, CVE-2023-29318, and CVE-2023-29319. All of these vulnerabilities have been ...
- Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation
July 13, 2023
Cisco Talos discovered 12 memory corruption vulnerabilities in MSRPC implementations on Apple macOS and VMWare vCenter. Seven vulnerabilities affect Apple macOS only Two vulnerabilities affect VMWare vCenter. Three vulnerabilities affect both. Read more… Source: Cisco Talos
- Malicious campaigns target government, military and civilian entities in Ukraine, Poland
July 13, 2023
Cisco Talos has discovered a threat actor conducting several campaigns against government entities, military organizations and civilian users in Ukraine and Poland. Cisco Talos judge that these operations are very likely aimed at stealing information and gaining persistent remote access. The activity Cisco Talos analyzed occurred as early as April 2022 and as recently as earlier ...
- Commerce Secretary Gina Raimondo’s emails hacked in Microsoft cyber breach
July 13, 2023
Commerce Secretary Gina Raimondo’s emails were hacked as part of the Microsoft cyber breach, according to a source familiar with the investigation. Microsoft’s Outlook systems were breached by Chinese hackers, according to the company. The breach was discovered in May. Read more… Source: ABC News
- Utility cyber threats on the rise, but experts say don’t forget basics
July 12, 2023
“There’s an increase in threat actors targeting critical infrastructure,” said Katell Thielemann, a Gartner research analyst focused on risk and security for cyber-physical systems. “And there’s an enhanced sensitivity that threat actors are probing infrastructure.” Since 2021, the U.S. Department of Energy’s annual summary of electric disturbance events shows an uptick in cyber activity. And cyber ...