A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- BlackMatter ransomware gang says it’s disbanding – again – after Ukraine arrests
November 3, 2021
A member of the BlackMatter (aka Darkside) ransomware gang has publicly claimed the extortionists are shutting down, causing much excitement within the infosec world. A Russian-language message reportedly posted on a forum used by ransomware criminals is said to have announced BlackMatter’s second disappearance of 2021, the gang previously pulling a disappearing act under their former ...
- ‘Tortilla’ Wraps Exchange Servers in ProxyShell Attacks
November 3, 2021
A new-ish threat actor sometimes known as “Tortilla” is launching a fresh round of ProxyShell attacks on Microsoft Exchange servers, this time with the aim of inflicting vulnerable servers with variants of the Babuk ransomware. Cisco Talos researchers said in a Wednesday report that they spotted the malicious campaign a few weeks ago, on Oct. 12. Tortilla, ...
- Arrests were made, but the Mekotio Trojan lives on
November 3, 2021
Despite the arrest of individuals connected with the spread of the Mekotio banking Trojan, the malware continues to be used in new attacks. On Wednesday, Check Point Research (CPR) published an analysis on Mekotio, a modular banking Remote Access Trojan (RAT) that targets victims in Brazil, Chile, Mexico, Spain, and Peru — and is now back ...
- UK Labour Party data breach: Supporters’ details affected in cyberattack
November 3, 2021
The Labour Party has confirmed that details of its members and supporters is among information affected by a “cyber incident” at a company which handles the party’s data. In a statement sent to all party members on Wednesday, Labour said the “significant” attack was on “‘a third party that handles data on our behalf” and that ...
- FBI: Ransomware targets companies during mergers and acquisitions
November 2, 2021
The Federal Bureau of Investigation (FBI) warns that ransomware gangs are targeting companies involved in “time-sensitive financial events” such as corporate mergers and acquisitions to make it easier to extort their victims. In a private industry notification published on Monday, the FBI said ransomware operators would use the financial information collected before attacks as leverage to ...
- Cybercriminals sell access to international shipping, logistics giants
November 2, 2021
Cybercriminals are offering initial access for networks belonging to key players in global supply chains, researchers warn. On Tuesday, Intel 471 published an analysis of current black market trends online, revealing instances of initial access brokers (IABs) offering access to international shipping and logistics companies across the ground, air, and sea. Global supply chains have faced serious ...