A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- INTERPOL report shows alarming rate of cyberattacks during COVID-19
August 4, 2020
An INTERPOL assessment of the impact of COVID-19 on cybercrime has shown a significant target shift from individuals and small businesses to major corporations, governments and critical infrastructure. With organizations and businesses rapidly deploying remote systems and networks to support staff working from home, criminals are also taking advantage of increased security vulnerabilities to steal data, ...
- Vulnerable perimeter devices: a huge attack surface
August 4, 2020
With the increase of critical gateway devices deployed to support off-premise work, companies across the world have to adapt to a new threat landscape where perimeter and remote access devices are now in the first line. Companies lack visibility into the growing network of internet-connected services and devices that support the new work paradigm; and the ...
- WastedLocker ransomware abuses Windows feature to evade detection
August 4, 2020
The WastedLocker ransomware is abusing a Windows memory management feature to evade detection by security software. Before we get to how WastedLocker is evading detection, it is necessary to understand how anti-ransomware solutions detect ransomware. Anti-ransomware solutions will monitor the operating system for file system calls traditionally used by ransomware when encrypting a file. Read more… Source: Bleeping Computer
- Netgear Won’t Patch 45 Router Models Vulnerable to Serious Flaw
August 4, 2020
Netgear will not patch 45 router models that are vulnerable to a high-severity remote code execution flaw, the router company revealed last week. However, the company says that routers that won’t receive updates are outdated or have reached EOL (End of Life). The remote code execution vulnerability in question, which was disclosed June 15, allows network-adjacent ...
- UK: Russian hackers stole trade papers from Liam Fox email
August 3, 2020
Documents on UK-US trade talks, leaked ahead of the 2019 general election, were stolen from an email account belonging to Conservative MP Liam Fox, it has emerged. The papers were published online and used by Labour in the 2019 campaign to claim the NHS would be put at risk. The UK government has said Russians almost certainly ...
- CISA, DOD, FBI expose new versions of Chinese malware strain named Taidoor
August 3, 2020
Three agencies of the US government have published today a joint alert alerting US private entities about new versions of Taidoor, a malware family previously associated with Chinese state-sponsored hackers. The alert has been authored by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA), the Department of Defense’s Cyber Command (CyberCom), and ...