A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- SonicWall confirms all of its cloud backup customers were affected by data breach
October 10, 2025
All companies using SonicWall’s MySonicWall cloud backup feature have had their firewall configuration files exposed in a recent cyberattack, the company has admitted. After initially claiming “fewer than 5%” of its customer base was affected, the company has revealed the true scale of the incident. In mid-September 2025, SonicWall warned its firewall customers to reset their ...
- Identifying and Mitigating Potential Velociraptor Abuse
October 9, 2025
Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams ...
- RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits
October 9, 2025
The Trend Zero Day Initiative (ZDI) Threat Hunting and Trend Research teams have identified a significant RondoDox botnet campaign that targets a wide range of internet-exposed infrastructure. This campaign consists of over 50 exploits, including unpatched router flaws across over 30 vendors, targeting vulnerabilities found in routers, digital video recorders (DVRs), network video recorders (NVRs), CCTV ...
- Inside Russian Market: Uncovering the Botnet Empire
October 9, 2025
The online cybercrime marketplace, Russian Market, has evolved from selling Remote Desktop Protocol (RDP) access to becoming one of the most active underground hubs for information-stealing malware logs, where stolen user credentials are traded daily. Each compromised login represents a potential gateway into corporate systems, enabling threat actors to launch credential-based attacks that put businesses, governments, ...
- Weaponized AI Assistants & Credential Thieves
October 9, 2025
Just weeks after the s1ngularity attack weaponized AI assistants, the NPM ecosystem was rocked by a far more dangerous threat: a self-propagating worm named Shai-Hulud. In a sobering demonstration of this rapid escalation in attack techniques, the worm has compromised over 187 packages, including several developer-facing tools published by cybersecurity firm CrowdStrike. These two distinct events ...
- Hack on Japan’s biggest brewer renews concerns over cyberattack readiness
October 8, 2025
Japan’s favorite beer brand is reeling from a cyberattack that paralyzed its production last week. Its factories have started brewing again, and some truckloads of beer are leaving its warehouses, but the attack has spotlighted the poor cybersecurity readiness among top-tier companies in the world’s fifth-largest economy. On Tuesday, Qilin, a ransomware group with a track ...