A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Wymondham College hit by sophisticated cyber attack
March 14, 2023
Wymondham College said disruption was likely to continue until the Easter holidays due to its IT system being targeted. In a message sent to students, seen by the EDP, the college apologised for disruption but said it believed there had been no data breach. Read more… Source: Wymondham Evening News
- Cyprus: Land registry website problems due to ‘cyber attack’
March 12, 2023
After a “thorough evaluation of all data”, the land registry department on Sunday said the technical problem that saw it go offline since Wednesday was due to a “cyber attack” The department said that due to the nature of the problem and the size of the systems, they will be gradually restored, starting with the restoration ...
- “Massive” cyber attack crashes African Union’s system
March 11, 2023
Cyber attackers prey on the African Union (AU), resulting in the unscheduled suspension of its systems. The Reporter got a copy of an internal memo that said an attack on the AU data center started last week, making services and applications unavailable. Sources say that more than 200 corrupted devices have been found and are being ...
- Canada: Cyber attack hits engineering giant with contracts for military bases, power plants
March 9, 2023
A Canadian engineering giant whose work involves critical military, power and transportation infrastructure across the country has been hit with a ransomware attack. Toronto-based Black & McDonald has so far refused to publicly comment on the cyberattack, while the Department of National Defence and other clients of the company have downplayed any impact or damage. Read more… Source: ...
- Suspected Chinese cyber spies target unpatched SonicWall devices
March 9, 2023
Suspected Chinese cyber criminals have zeroed in on unpatched SonicWall gateways and are infecting the devices with credential-stealing malware that persists through firmware upgrades, according to Mandiant. The spyware targets the SonicWall Secure Mobile Access (SMA) 100 Series – a gateway device that provides VPN access to remote users. Read more… Source: The Register
- Examining Ransomware Payments From a Data-Science Lens
March 9, 2023
Ransomware has come a long way since the Internet’s pre-cryptocurrency days. The advent of cryptocurrency was an important turning point in the evolution of this cyberthreat, as malicious actors are now no longer confined to available local or regional payment options when collecting ransom payments. The operation costs and monetization models of a ransomware group can be ...