A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Insurance giant AON hit by a cyberattack over the weekend
February 28, 2022
Professional services and insurance giant AON has suffered a cyberattack that impacted a “limited” number of systems. AON is a multinational professional services firm offering a wide array of solutions, including business insurance, reinsurance, cybersecurity consulting, risk solutions, healthcare insurance, and wealth management products. AON generated $12.2 billion of revenue in 2021 and has approximately 50,000 employees ...
- Manufacturing is the most targeted sector by ransomware in Brazil
February 28, 2022
According to a report published by IBM on security threats in Latin America, companies from the manufacturing sector are feeling the greatest impact of attacks orchestrated by ransomware gangs. Ransomware, corporate email compromise, and credential harvesting together brought bring sector companies to a standstill in Latin America in 2021, further straining supply chains, the X-Force Threat ...
- Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks
February 28, 2022
New research by the Symantec Threat Hunter team, part of Broadcom Software, has uncovered a highly sophisticated piece of malware being used by China-linked threat actors, exhibiting technical complexity previously unseen by such actors. The malware appears to be used in a long-running espionage campaign against select governments and other critical infrastructure targets. There is strong ...
- Toyota supplier reports cyberattack that halts production across Japan
February 28, 2022
Toyota has shut down production at 14 of its plants in Japan after a supplier reported a cyberattack, according to a statement provided to Reuters and the Associated Press. Toyota did not respond to multiple requests for comment but said the outages were the result of a “supplier system failure.” Kojima Industries Corp, one of the ...
- Microsoft finds FoxBlade malware on Ukrainian systems, removes RT from Windows app store
February 28, 2022
Microsoft says it found a new malware package — which it calls “FoxBlade” — hours before Russia began its invasion of Ukraine on February 24. In a blog post, Microsoft president Brad Smith said it was coordinating its efforts to protect users in Ukraine with the Ukrainian government, the European Union, European nations, the US government, ...
- Ukraine security agencies warn of Ghostwriter threat activity, phishing campaigns
February 28, 2022
The Computer Emergency Response Team for Ukraine (CERT-UA) has warned of ongoing phishing and Ghostwriter activities attacking organizations in the country. On February 26, CERT-UA said it continues to track the movements of UNC1151/Ghostwriter, which is currently attacking targets in Ukraine, Poland, Belarus, and Russia. Ghostwriter is believed to be of Belarusian origin. According to the security ...