A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Critical Palo Alto Cyber-Defense Bug Allows Remote ‘War Room’ Access
June 23, 2021
A critical security bug in Palo Alto Networks’ Cortex XSOAR could allow remote attackers to run commands and automations in the Cortex XSOAR War Room and to take other actions on the platform, without having to log in. Found internally by Palo Alto, the bug (CVE-2021-3044) is an improper-authorization vulnerability that “enables a remote unauthenticated attacker ...
- REvil Ransomware Code Ripped Off by Rivals
June 23, 2021
They say imitation is the sincerest form of flattery: The LV ransomware, a strain that cropped up just this spring, turns out to be based on what is most likely pirated REvil ransomware code, according to researchers. A malware analysis of LV from Secureworks Counter Threat Unit (CTU) found that its operators (which it calls Gold ...
- How to confuse antimalware neural networks. Adversarial attacks and protection
June 23, 2021
Nowadays, cybersecurity companies implement a variety of methods to discover new, previously unknown malware files. Machine learning (ML) is a powerful and widely used approach for this task. At Kaspersky we have a number of complex ML models based on different file features, including models for static and dynamic detection, for processing sandbox logs and ...
- NukeSped Copies Fileless Code From Bundlore, Leaves It Unused
June 22, 2021
While investigating samples of NukeSped, a remote access trojan (RAT), Trend Micro came across several Bundlore adware samples using the same fileless routine that was spotted in NukeSped. The backdoor has been attributed to the cybercriminal group Lazarus, which has been active since at least 2014. There are multiple variants of NukeSped, which is designed ...
- Ever101 ransomware payment traced to a sensual massage site
June 22, 2021
A ransomware targeting an Israeli company has led researchers to track a portion of a ransom payment to a website promoting sensual massages. The attack was conducted by a more recent ransomware operation known as Ever101 who compromised an Israeli computer farm and proceeded to encrypt its devices. Read more… Source: Bleeping Computer
- Email Bug Allows Message Snooping, Credential Theft
June 22, 2021
Researchers warn hackers can snoop on email messages by exploiting a bug in the underlying technology used by the majority of email servers that run the Internet Message Access Protocol, commonly referred to as IMAP. The bug, first reported in August 2020 and patched Monday, is tied to the email server software Dovecot, used by ...