A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- French companies Under Attack from Clever BEC Scam
October 6, 2020
The highly anonymous and often secretive nature of the internet has led to the proliferation of scams aimed at separating people and organizations from their money. Trend Micro has been following these scams over the years and have seen many of them evolve from simplistic schemes to more sophisticated campaigns. One of the most dangerous ...
- Inside the Bulletproof Hosting Business – Cybercriminal Methods and OpSec
October 6, 2020
Many cybercriminal operations have some level of organization, planning, and some form of foundation that reflects the technical acumen of the individual or group behind them. The use of underground infrastructure is inherent to the modus operandi of a cybercriminal. In our Underground Hosting series, we have differentiated how cybercrime goods are sold in marketplaces ...
- MosaicRegressor: Lurking in the Shadows of UEFI
October 5, 2020
UEFI (or Unified Extensible Firmware Interface) has become a prominent technology that is embedded within designated chips on modern day computer systems. Replacing the legacy BIOS, it is typically used to facilitate the machine’s boot sequence and load the operating system, while using a feature-rich environment to do so. At the same time, it has ...
- New Jersey hospital paid ransomware gang $670K to prevent data leak
October 3, 2020
University Hospital New Jersey in Newark, New Jersey, paid a $670,000 ransomware demand this month to prevent the publishing of 240 GB of stolen data, including patient info. The attack on the hospital occurred in early September by a ransomware operation known as SunCrypt, who infiltrates a network, steals unencrypted files, and then encrypts all of ...
- XDSpy cyber-espionage group operated discretely for nine years
October 2, 2020
Researchers at ESET today published details about a threat actor that has been operating for at least nine years, yet their activity attracted almost no public attention. Going largely unnoticed for this long is a rare occurrence these days as malicious campaigns from long-standing adversaries overlap at one point or give sufficient clues for researchers to ...
- Ransomware: Gangs are shifting targets and upping their ransom demands
October 2, 2020
Ransomware attacks continue to grow, according to data from IBM, which also suggests that ransomware gangs are upping their ransomware demands and getting more sophisticated about how they calculate the ransom they try to extort. The number of ransomware attacks IBM’s Security X-Force Incident Response team were called in to deal with tripled in the second ...