A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Russia shares list of 17,000 IPs allegedly DDoSing Russian orgs
March 5, 2022
The Russian government shared a list of 17,576 IP addresses allegedly used to launch distributed denial-of-service (DDoS) attacks targeting Russian organizations and their networks. The list was shared by the National Coordination Center for Computer Incidents (NKTsKI), an organization created by Russia’s Federal Security Service (FSB), together with guidance to defend against the attacks and ...
- National Security Agency Cybersecurity Technical Report: Network Infrastructure Security Guidance
March 4, 2022
Guidance for securing networks continues to evolve as new vulnerabilities are exploited by adversaries, new security features are implemented, and new methods of securing devices are identified. Improper configuration, incorrect handling of configurations, and weak encryption keys can expose vulnerabilities in the entire network. All networks are at risk of compromise, especially if devices are not properly ...
- CISA Adds 95 Known Exploited Vulnerabilities to Catalog
March 3, 2022
CISA has added 95 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the ...
- Threat landscape for industrial automation systems, H2 2021
March 3, 2022
2021 is the second year we have spent living and working in the pandemic. By 2021 everyone got used to pandemic limitations – industrial organization employees and IT security professionals and threat actors. If we compare the numbers from 2020 and 2021, we see that 2021 looks more stable, particularly in H2. The percentage of ICS ...
- ‘Several combinations of social engineering’ used during cyberattack on camera maker Axis
March 3, 2022
Camera maker Axis released more details about a cyberattack that started on the night of Saturday, February 19. In its initial messages on its website, the Swedish camera giant said it got alerts from its cybersecurity and intrusion detection system on Sunday, February 20, before it shut down all public-facing services globally in the hopes of ...
- NVIDIA DLSS source code leaked as part of cyberattack
March 2, 2022
The attack on NVIDIA continues, this time with an alleged leak of the source code for the company’s DLSS tech. A ransomware group known as Lapsus has allegedly shared NVIDIA’s DLSS source code as part of a cyberattack. The group has demanded that NVIDIA remove mining limitations from RTX 30-series graphics cards. The leaked DLSS source code ...