A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Lazarus group strikes cryptocurrency firm through LinkedIn job adverts
August 25, 2020
The Lazarus group is on the hunt for cryptocurrency once more and has now launched a targeted attack against a crypto organization by exploiting the human element of the corporate chain. On Tuesday, cybersecurity researchers from F-Secure said the cryptocurrency organization is one of the latest victims in a global campaign which has targeted businesses in ...
- Conti (Ryuk) joins the ranks of ransomware gangs operating data leak sites
August 25, 2020
It has now become a mainstream tactic for big ransomware groups to create so-called “leak sites” where they upload and leak sensitive documents from companies who refuse to pay the ransomware decryption fee. These “leak sites” are part of a new trend forming on the cybercriminal underground where ransomware groups are adopting a new tactic called ...
- Brute-force cyberattacks on the rise in Brazil
August 24, 2020
Brazil has seen a spike in brute-force cyberattacks driven by the increase in remote working, according to a new report on security threats in the first six months of 2020. More than 2.6 billion attempts at cyber attacks have been recorded by cybersecurity firm Fortinet from January to June, out of a total of 15 billion ...
- Group of unskilled Iranian hackers behind recent attacks with Dharma ransomware
August 24, 2020
Cyber-security firm Group-IB says it identified a group of low-skilled hackers operating out of Iran that has been launching attacks against companies in Asia and attempting to encrypt their networks with a version of the Dharma ransomware. The attacks have targeted companies located in Russia, Japan, China, and India, according to a report Group-IB researchers published ...
- Lifting the veil on DeathStalker, a mercenary triumvirate
August 24, 2020
State-sponsored threat actors and sophisticated attacks are often in the spotlight. Indeed, their innovative techniques, advanced malware platforms and 0-day exploit chains capture our collective imagination. Yet these groups still aren’t likely to be a part of the risk model at most companies, nor should they be. Businesses today are faced with an array of much ...
- FBI and CISA warn of major wave of vishing attacks targeting teleworkers
August 22, 2020
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint security advisory on Thursday, warning about an ongoing wave of vishing attacks targeting the US private sector. Vishing, or voice phishing, is a form of social engineering where criminals call victims to obtain desired information, usually posing as ...