A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Forward-looking security analysis of smart factories [Part 3] – Trojanized libraries for industrial IoT devices
June 11, 2020
IoT devices are being incorporated more and more into smart factories. IoT devices are endpoints that have a unique IP address and that can connect to the Internet; they are expected to be used for various purposes not only in development but also in production environments, in combination with original programs developed in-house as well ...
- FBI warns of increased hacking risk if using mobile banking apps
June 10, 2020
The U.S. Federal Bureau of Investigation (FBI) today warned mobile banking app users that they will be increasingly targeted by hackers trying to steal their credentials and take over their banking accounts. The alert, published on the agency’s Internet Crime Complaint Center (IC3), says that the increased usage of such apps during the pandemic could lead to ...
- Espionage Group Hits U.S. Utilities with Sophisticated Spy Tool
June 9, 2020
The APT known as TA410 has added a modular remote-access trojan (RAT) to its espionage arsenal, deployed against Windows targets in the United States’ utilities sector. According to researchers at Proofpoint, the RAT, called FlowCloud, can access installed applications and control the keyboard, mouse, screen, files, services and processes of an infected computer, with the ability ...
- Hackers for hire targeted hundreds of institutions, says report
June 9, 2020
A hackers-for-hire group dubbed “Dark Basin” has targeted thousands of individuals and hundreds of institutions around the world, including advocacy groups, journalists, elected officials, lawyers, hedge funds, and companies, according to the Internet watchdog Citizen Lab. Researchers discovered almost 28,000 webpages created by hackers for personalized “spear phishing” attacks designed to steal passwords, according to a ...
- Maze Ransomware adds Ragnar Locker to its extortion cartel
June 8, 2020
A second ransomware gang has partnered with Maze Ransomware to use their data leak platform to extort victims whose unencrypted files were stolen. Before encrypting a victim’s network, most network-targeting ransomware operations will steal a victim’s unencrypted files. These files are then used as leverage by threatening to release them publicly on data leak sites if a ransom is ...
- Honda investigates possible ransomware attack, networks impacted
June 8, 2020
Computer networks in Europe and Japan from car manufacturer giant Honda have been affected by issues that are reportedly related to a SNAKE Ransomware cyber-attack. Details are unclear at the moment but the company is currently investigating the cause of the problems that were detected on Monday. The company has confirmed to BleepingComputer that its IT network is not functioning ...