A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Update now: Samba prior to 4.13.17 hit with remote root code execution bug
February 1, 2022
Samba has fixed a vulnerability in all versions of its software prior to version 4.13.17 that allowed for a remote actor to execute code as root, thanks to an out-of-bounds heap read write vulnerability. “The specific flaw exists within the parsing of EA metadata when opening files in smbd. Access as a user that has write ...
- Powerful new Oski variant ‘Mars Stealer’ grabbing 2FAs and crypto
February 1, 2022
A new and powerful malware named ‘Mars Stealer’ has appeared in the wild, and appears to be a redesign of the Oski malware that shut down development abruptly in the summer of 2020. Mars Stealer is an information-stealing malware that steals data from all popular web browsers, two-factor authentication plugins, and multiple cryptocurrency extensions and wallets. Additionally, ...
- Shell forced to reroute supplies after cyberattack on two German oil companies
February 1, 2022
A cyberattack on two German oil suppliers has forced energy giant Shell to reroute oil supplies to other depots, according to Reuters and the Handelsblatt newspaper. Handelsblatt was the first to report on Monday that oil companies Oiltanking and Mabanaft, both owned by German logistics conglomerate Marquard & Bahls Group, had suffered a cyberattack that crippled ...
- Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables
January 31, 2022
MuddyWater has conducted various campaigns against entities spread throughout the U.S.A, Europe, Middle East and South Asia. A typical TTP employed by the group is the heavy use of scripting in their infection chains using languages like PowerShell and Visual Basic coupled with the frequent use of living-off-the-land binaries (LoLBins). Cisco Talos recently observed a campaign operated ...
- Potential for Malicious Cyber Activities to Disrupt the 2022 Beijing Winter Olympics and Paralympics
January 31, 2022
The FBI is warning entities associated with the February 2022 Beijing Winter Olympics and March 2022 Paralympics that cyber actors could use a broad range of cyber activities to disrupt these events. These activities include distributed denial of service (DDoS) attacks, ransomware, malware, social engineering, data theft or leaks, phishing campaigns, disinformation campaigns, or insider ...
- NSO Group Pegasus Spyware Aims at Finnish Diplomats
January 31, 2022
The controversial Pegasus spyware, developed by NSO Group, has been found on the devices of Finland’s diplomatic corps serving outside the country as part of a wide-ranging espionage campaign, according to Finnish officials. They also said the infections were of the zero-click variety. “The highly sophisticated malware has infected users’ Apple or Android telephones without their noticing ...