A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Security Risks for Audio-centric Social Media Apps
February 24, 2021
The use of audio-only social media apps such as ClubHouse, Riffr, Listen, Audlist, and HearMeOut has been steadily capturing the interest of more and more users over the recent years. But just like any other technology, apps like these are not immune from security risks. Furthermore, most of these risks can be automated, helping attackers ...
- COVID pandemic causes spike in cyberattacks against hospitals, medical companies
February 24, 2021
Cyberattacks against healthcare organizations have doubled during the coronavirus pandemic, research suggests. On Wednesday, IBM released the company’s annual X-Force Threat Intelligence Index, which analyzed data from the previous year to track the evolution of new threats, malware development, and cyberattacks. The 2021 index includes some notable trends, perhaps the most significant being how many threat actors ...
- CISA Alert (AA21-055A): Exploitation of Accellion File Transfer Appliance
February 24, 2021
This joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia, This activity has impacted organizations globally, including those in Australia, New Zealand, Singapore, the ...
- APT32 state hackers target human rights defenders with spyware
February 23, 2021
Vietnam-backed hacking group APT32 has coordinated several spyware attacks targeting Vietnamese human rights defenders (HRDs) between February 2018 and November 2020. The state hackers also pointed their attacks at a nonprofit (NPO) human rights organization from Vietnam, as Amnesty International’s Security Lab revealed (full report here). The spyware used by the APT32 hackers allowed them to read ...
- Airplane maker Bombardier data posted on ransomware leak site following FTA hack
February 23, 2021
Canadian airplane manufacturer Bombardier has disclosed today a security breach after some of its data was published on a dark web portal operated by the Clop ransomware gang. “An initial investigation revealed that an unauthorized party accessed and extracted data by exploiting a vulnerability affecting a third-party file-transfer application, which was running on purpose-built servers isolated ...
- Finnish IT Giant Hit with Ransomware Cyberattack
February 23, 2021
Norwegian business journal E24 reported the attack on Espoo, Finland-based TietoEVRY on Tuesday, claiming to have spoken with Geir Remman, a communications director at the company. Remman acknowledged technical problems with several services that TietoEVRY provides to 25 customers, which are “due to a ransom attack,” according to the report. Remman told E24 that the company ...