A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool
June 13, 2022
Over the past year, this group has extended its targeting beyond telecommunication companies to also include financial institutions and government entities. During this period, we have identified several connections between GALLIUM infrastructure and targeted entities across Afghanistan, Australia, Belgium, Cambodia, Malaysia, Mozambique, the Philippines, Russia and Vietnam. Most importantly, we have also identified the group’s ...
- Exposing HelloXD Ransomware and x4k
June 12, 2022
HelloXD is a ransomware family performing double extortion attacks that surfaced in November 2021. During our research Palo Alto team observed multiple variants impacting Windows and Linux systems. Unlike other ransomware groups, this ransomware family doesn’t have an active leak site; instead it prefers to direct the impacted victim to negotiations through TOX chat and ...
- FDNY seeks firewall to stop doxxing, hacking of rescue workers’ personal data
June 12, 2022
The FDNY is seeking to build a digital firewall to protect the Big Apple’s thousands of rescue workers from cyberattacks, including “doxxing,” The Post has learned. The department recently put out a call in the City Record for consultant services “for the development and implementation of protective strategies to address the cyber threat of doxxing and ...
- Aoqin Dragon hacking group quietly spied on their targets for 10 years
June 10, 2022
Researchers have discovered a stealthy espionage campaign by a most likely China-backed hacking group that has targeted government, education and telecommunication organizations since 2013. The attackers used a range of techniques to infect targets with malware, such as via malicious Word documents, fake removable devices leading users to malicious folders, and fake antivirus vendor icons that ...
- Russia, China, warn US its cyber support of Ukraine has consequences
June 10, 2022
Russia and China have each warned the United States that the offensive cyber-ops it ran to support Ukraine were acts of aggression that invite reprisal. The US has acknowledged it assisted Ukraine to shore up its cyber defences, conducted information operations, and took offensive actions during Russia’s illegal invasion. While many nations occasionally mention they possess offensive ...
- Hackers Can Steal Your Tesla by Creating Their Own Personal Keys
June 9, 2022
Last year, Tesla issued an update that made its vehicles easier to start after being unlocked with their NFC key cards. Now, a researcher has shown how the feature can be exploited to steal cars. For years, drivers who used their Tesla NFC key card to unlock their cars had to place the card on the ...