A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Trump Campaign Website Defaced by Cryptocurrency Scam
October 28, 2020
Hackers took over President Trump’s 2020 election campaign website late Tuesday, replacing parts of the site with a cryptocurrency scam before returning it to its original content several minutes later. Journalist Gabriel Lorenzo Greschler was the first to notice the attack while he was doing research for a climate-change article, he wrote in a tweet. The ...
- DDoS attacks in Q3 2020
October 28, 2020
Q3 was relatively calm from a DDoS perspective. There were no headline innovations, although cybercriminals did continue to master techniques and develop malware already familiar to us from the last reporting period. For example, another DDoS botnet joined in the assault on Docker environments. The perpetrators infiltrated the target server, created an infected container, and ...
- APT groups aren’t all from Russia, China, and North Korea
October 28, 2020
Advance persistent threat (APT) hacker groups are often assumed to be state-supported organisations such as China’s APT10 aka Stone Panda, Russia’s APT28 aka Fancy Bear, or Vietnam’s APT32 aka Ocean Lotus. However, these and other groups are often identified and named by cyber intelligence firms with strong links to their national government. FireEye and Crowdstrike in ...
- Enel Group hit by ransomware again, Netwalker demands $14 million
October 27, 2020
Multinational energy company Enel Group has been hit by a ransomware attack for the second time this year. This time by Netwalker, who is asking a $14 million ransom for the decryption key and to not release several terabytes of stolen data. Enel is one of the largest players in the European energy sector, with more ...
- Insikt Group Discovers Global Credential Harvesting Campaign Using FiercePhish Open Source Framework
October 27, 2020
Recorded Future’s Insikt Group discovered a wide-reaching phishing campaign utilizing the FiercePhish open source offensive phishing framework. The campaign, which is hosted on Russian domain infrastructure but does not target users in Russia, is globally harvesting credentials from a variety of organizations in the public and private sectors. This campaign, coordinated using asherintartradingcom, has been ...
- FBI: Hackers stole government source code via SonarQube instances
October 27, 2020
The Federal Bureau of Investigation (FBI) issued a flash alert warning of hackers stealing data from U.S. government agencies and enterprise organizations via internet-exposed and insecure SonarQube instances. SonarQube is an open-source platform for automated code quality auditing and static analysis to discover bugs and security vulnerabilities in projects using 27 programming languages. Vulnerable SonarQube servers have ...