A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Russian government warns of US retaliatory cyberattacks
January 23, 2021
The Russian government has issued a security warning to organizations in Russia about possible retaliatory cyberattacks by the USA for the SolarWinds breach. Last month, the SolarWinds network management company disclosed that they suffered a sophisticated cyberattack that led to a supply chain attack affecting 18,000 customers. The US government believes that this attack was conducted by ...
- SonicWall firewall maker hacked using zero-day in its VPN device
January 23, 2021
Security hardware manufacturer SonicWall has issued an urgent security notice about threat actors exploiting a zero-day vulnerability in their VPN products to perform attacks on their internal systems. SonicWall is a well-known manufacturer of hardware firewall devices, VPN gateways, and network security solutions whose products are commonly used in SMB/SME and large enterprise organizations. On Friday night, ...
- Malware found on laptops given out by UK government
January 23, 2021
Some of the laptops given out in England to support vulnerable children home-schooling during lockdown contain malware, BBC News has learned. Teachers shared details on an online forum about suspicious files found on devices sent to a Bradford school. The malware, which they said appeared to be contacting Russian servers, is believed to have been found on ...
- SolarWinds: How Sunburst Sends Data Back to the Attackers
January 22, 2021
In our previous blog we described how the attackers controlled the Sunburst malware, and detailed a variety of commands that will result in data being sent to the threat actors. The next technique to discuss is how Sunburst sends this data to the attackers. If data is being sent to the attacker as a result of ...
- Network Attack Trends: Internet of Threats
January 22, 2021
Unit 42 researchers observed interesting attack trends from August-October 2020. Despite a surge in scanner activities and HTTP directory traversal exploitation attempts, CVE-2012-2311 and CVE-2012-1823, which were the most commonly exploited vulnerabilities in the wild in early summer 2020, are no longer at the top of that list. Several new critical exploits, including but not ...
- Amazon Kindle RCE Attack Starts with an Email
January 22, 2021
Three vulnerabilities in the Amazon Kindle e-reader would have allowed a remote attacker to execute code and run it as root – paving the way for siphoning money from unsuspecting users. Yogev Bar-On, researcher at Realmode Labs, found that it was possible to email malicious e-books to the devices via the “Send to Kindle” feature to ...