A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Malaysia arrests 11 suspects for hacking government sites
February 19, 2021
Malaysian officials announced on Thursday the arrest of 11 suspects believed to be part of a hacktivist group that defaced government websites during late January. The group, calling itself Anonymous Malaysia, defaced 17 websites for local governments and universities, according to posts they made on a Facebook page earlier this month. The defacements were part of a ...
- IronNetInjector: Turla’s New Malware Loading Tool
February 19, 2021
In recent years, more and more ready-made malware is released on software development hosting sites available for everybody to use – including threat actors. This not only saves the bad guys development time, but also makes it much easier for them to find new ideas to prevent detection of their malware. Unit 42 researchers have found ...
- Silver Sparrow Malware Found Nesting on 30K Macs
February 19, 2021
Hard on the heels of a macOS adware being recompiled to target Apple’s new in-house processor, researchers have discovered a brand-new family of malware targeting the platform. Curiously, in the samples seen so far by analysts at Red Canary, the malware (dubbed Silver Sparrow) has been executing on victim machines with the final payload yet to ...
- Malformed URL Prefix Phishing Attacks Spike 6,000%
February 19, 2021
Researchers from GreatHorn report they have observed a nearly 6,000-percent jump in attacks using “malformed URL prefixes” to evade protections and deliver phishing emails that look legit. They look legit, that is, unless you look closely at the symbols used in the prefix before the URL. “The URLs are malformed, not utilizing the normal URL protocols, ...
- Gauging LoRaWAN Communication Security with LoraPWN
February 19, 2021
LoRaWAN technology allows organizations to deploy the internet of things solutions at a much lower cost than existing cellular infrastructure solutions. Because of this, enterprises and smart cities around the world have started using LoRaWAN in their operations. As mentioned in the first article of this series, LoRaWAN technology has been used in infrastructure management, ...
- Industrial Remote Access: Why It’s Not Something to Fear
February 18, 2021
Increased uptime? Check. Better access to outside expertise? Check. Improved first-time-fix rate? Check. These are just some of the benefits of industrial remote access. Yet many customers are reluctant to embrace remote access. Not only that, but incidents such as the breach at the Oldsmar water utility might increase organizations’ reluctance to use remote access. Using Oldsmar ...