A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- UK MoD under fire over multiple data breaches
January 18, 2021
The UK Ministry of Defense (MoD) suffered more data breaches in 2020 than in the year prior, seven of which were reported to the Information Commissioner’s Office (ICO) for further investigation. This is according to a new report from the Parliament Street Think Tank, and based on data provided by the MoD itself. Overall, there was an ...
- Ransomware attacks now to blame for half of healthcare data breaches
January 15, 2021
Almost half of all data breaches in hospitals and the wider healthcare sector are as a result of ransomware attacks according to new research. Ransomware gangs are increasingly adding an extra layer of extortion to attacks by not only encrypting networks and demanding hundreds of thousands or even millions of dollars in bitcoin to restore them, ...
- Hackers breach Foreign Office computers in cyber attack on Government countryside outpost
January 15, 2021
It is understood the attack is not connected to the devastating cyber attack on the Solar Winds Orion software, which US officials pin on Russian hackers. The Foreign Office has not commented on any suspects of its investigation, but tonight confirmed the breach, which was first reported by The Sun. A Government spokesperson said: ‘We take data ...
- Xiaomi added to US list of alleged Communist Chinese military companies
January 15, 2021
Chinese hardware manufacturer Xiaomi has been added to a list of alleged Communist Chinese military companies by the United States Department of Defense. “The Department is determined to highlight and counter the People’s Republic of China’s (PRC) Military-Civil Fusion development strategy, which supports the modernisation goals of the People’s Liberation Army by ensuring its access to ...
- Microsoft addresses a Critical RCE vulnerability affecting the Netlogon protocol CVE-2020-1472
January 14, 2021
Microsoft addressed a Critical RCE vulnerability affecting the Netlogon protocol (CVE-2020-1472) on August 11, 2020. We are reminding our customers that beginning with the February 9, 2021 Security Update release we will be enabling Domain Controller enforcement mode by default. This will block vulnerable connections from non-compliant devices. DC enforcement mode requires that all Windows ...
- Apple removes feature that allowed its apps to bypass macOS firewalls and VPNs
January 14, 2021
Apple has removed a controversial feature from the macOS operating system that allowed 53 of Apple’s own apps to bypass third-party firewalls, security tools, and VPN apps installed by users for their protection. Known as the ContentFilterExclusionList, the list was included in macOS 11, also known as Big Sur. The exclusion list included some of Apple’s biggest ...