A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- StrongPity APT Back with Kurdish-Aimed Watering Hole Attacks
June 30, 2020
he APT group known as StrongPity is back with a new watering-hole campaign, targeting mainly Kurdish victims in Turkey and Syria. The malware served offers operators the ability to search for and exfiltrate any file or document from a victim’s machine. The group (a.k.a. Promethium) is operating a series of bogus websites purporting to offer a ...
- CISA: Nation-State Attackers Likely to Take Aim at Palo Alto Networks Bug
June 30, 2020
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that foreign hackers are likely to exploit a newly disclosed, critical vulnerability in a raft of Palo Alto Networks firewalls and enterprise VPN appliances, which allows for device takeover without authentication. The Department of Defense (DoD) arm that oversees cyberspace operations has advised all devices affected ...
- New EvilQuest ransomware discovered targeting macOS users
June 30, 2020
Security researchers have discovered this week a new ransomware strain targeting macOS users. Named OSX.EvilQuest, this ransomware is different from previous macOS ransomware threats because besides encrypting the victim’s files, EvilQuest also installs a keylogger, a reverse shell, and steals cryptocurrency wallet-related files from infected hosts. “Armed with these capabilities, the attacker can main full control over ...
- Chinese malware used in attacks against Australian orgs
June 28, 2020
The Australian government released an advisory late last week about increased cyber activity from a state actor against networks belonging to its agencies and companies in the country. Behind the attack is a “sophisticated” adversary that relies on slightly modified proof-of-concept exploit code for yesteryear vulnerabilities, the government says. An unofficial blame finger points to China. The ...
- Battling COVID; a cyber Airman’s story
June 26, 2020
Tech. Sgt. Brandon Ibanez, a cyber intelligence analyst with the 854th Combat Operations Squadron here, doesn’t wear a helmet to work, nor does he wear a sword or shield. As a Gladiator in the 960th Cyberspace Wing, it’s not a requirement to don the traditional uniform of ancient Roman fighters, and it would be impractical because ...
- DarkCrewFriends Returns with Botnet Strategy
June 26, 2020
The hackers-for-hire group DarkCrewFriends has resurfaced and is targeting content management systems to build a botnet. The botnet can be marshalled into service to carry out a variety of criminal activities, including distributed denial-of-service (DDoS) attacks, command execution, information exfiltration or sabotage of an infected system. Researchers said they observed DarkCrewFriends exploiting an unrestricted file upload ...