A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- SesameOp: Novel backdoor uses OpenAI Assistants API for command and control
November 3, 2025
Microsoft Incident Response – Detection and Response Team (DART) researchers uncovered a new backdoor that is notable for its novel use of the OpenAI Assistants Application Programming Interface (API) as a mechanism for command-and-control (C2) communications. Instead of relying on more traditional methods, the threat actor behind this backdoor abuses OpenAI as a C2 channel as ...
- University of Pennsylvania says it has called FBI over data breach
November 3, 2025
The University of Pennsylvania says it has called in the Federal Bureau of Investigation after offensive emails were distributed to alumni. In a statement, the university said that a data breach had affected “select information systems.” An email sent to University of Pennsylvania alumni on Friday and reviewed by Reuters showed that someone masquerading as the ...
- US government warns Linux CVE-2024-1086 flaw is now being exploited for ransomware attacks
November 3, 2025
The US government is warning that a Linux flaw introduced more than a decade ago – and fixed more than a year ago – is being actively used in ransomware attacks. In February 2014, a vulnerability was introduced into the Linux kernel via a commit. The bug was first disclosed in late January 2024, and described ...
- Chicago firm that resolves ransomware attacks had rogue workers carrying out their own hacks
November 2, 2025
Rogue employees of a Chicago company that specializes in negotiating ransoms to mitigate cyber attacks were carrying out their own piracy in a plot to extort millions of dollars from a series of companies, prosecutors say. Kevin Tyler Martin, a ransomware threat negotiator for River North-based DigitalMint at the time of the alleged conspiracy, was among ...
- Update Chrome now: 20 security fixes just landed
October 31, 2025
Google has released an update for its Chrome browser that includes 20 security fixes, several of which are classed as high severity. Most of these flaws were found in Chrome’s V8 engine—the part of Chrome (and other Chromium-based browsers) that runs JavaScript. Chrome is by far the world’s most popular browser, used by an estimated 3.4 ...
- Canadian government claims hacktivists are attacking water and energy facilities
October 31, 2025
The Canadian government has issued a new security alert warning of so-called hacktivists targeting Industrial Control Systems (ICS). The report says the Cyber Centre and the Royal Canadian Mounted Police has received “multiple reports” of incidents involving internet-accessible ICS. Among the reports were an attack on a water facility, in which the miscreants tampered with water ...