A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Malware devs already bypassed Android 13’s new security feature
August 17, 2022
Android malware developers are already adjusting their tactics to bypass a new ‘Restricted setting’ security feature introduced by Google in the newly released Android 13. Android 13 was released this week, with the new operating system being rolled out to Google Pixel devices and the source code published on AOSP. As part of this release, Google attempted ...
- Shuckworm: Russia-Linked Group Maintains Ukraine Focus
August 17, 2022
Recent Shuckworm activity observed by Symantec, a division of Broadcom Software, and aimed at Ukraine appears to be delivering information-stealing malware to targeted networks. This activity was ongoing as recently as August 8, 2022 and much of the activity observed in this campaign is consistent with activity that was highlighted by CERT-UA on July 26. The ...
- Hackers attack UK water supplier but extort wrong company
August 16, 2022
South Staffordshire Water, a company supplying 330 million liters of drinking water to 1.6 consumers daily, has issued a statement confirming IT disruption from a cyberattack. As the announcement explains, the safety and water distribution systems are still operational, so the disruption of the IT systems doesn’t impact the supply of safe water to its customers ...
- 1,900 Signal users exposed: Twilio attacker ‘explicitly’ looked for certain numbers
August 16, 2022
The security breach at Twilio earlier this month affected at least one high-value customer, Signal, and led to the exposure of the phone number and SMS registration codes for 1,900 users of the encrypted messaging service, it confirmed. However, Signal – considered one of the better secured of all the encrypted messaging apps – claims the ...
- Three vulnerabilities in HDF5 file format could lead to remote code execution
August 16, 2022
Cisco Talos recently discovered three vulnerabilities in a library that works with the HDF5 file format that could allow an attacker to execute remote code on a targeted device. These issues arise in the libhdf5 gif2h5 tool that’s normally used to convert a GIF file to the HDF5 format, commonly used to store large amounts of ...
- Two more malicious Python packages in the PyPI
August 16, 2022
On August 8, CheckPoint published a report on ten malicious Python packages in the Python Package Index (PyPI), the most popular Python repository among software developers. The malicious packages were intended to steal developers’ personal data and credentials. Following this research, Kaspersky used their internal automated system for monitoring open-source repositories and discovered two other malicious ...