A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Coinminer, DDoS Bot Attack Docker Daemon Ports
May 6, 2020
Researchers found an open directory containing malicious files, which was first reported in a series of Twitter posts by MalwareHunterTeam. Analyzing some of the files, we found a malicious cryptocurrency miner and Distributed Denial of Service (DDoS) bot that targets open Docker daemon ports. The attack starts with the shell script named mxutzh.sh, which scans for open ports (2375, ...
- DDoS attacks in Q1 2020
May 6, 2020
Since the beginning of 2020, due to the COVID-2019 pandemic, life has shifted almost entirely to the Web — people worldwide are now working, studying, shopping, and having fun online like never before. This is reflected in the goals of recent DDoS attacks, with the most targeted resources in Q1 being websites of medical organizations, ...
- Excel Files with Hidden Sheets Target Users in Italy
May 5, 2020
A spam campaign using emails that have Excel file (.xls) attachments (detected by Trend Micro as Trojan.XF.HIDDBOOK.THDBHBO) has been seen circulating and targeting users in Italy and some users in Germany and other countries. The attachment appears blank when opened, but it has a sheet set to “hidden” that attempts to connect to a URL and download a ...
- COVID-19: Cloud Threat Landscape
May 4, 2020
Unit 42 researchers analyzed 1.2 million newly observed hostnames (NOH) containing keywords related to the COVID-19 pandemic from March 9, 2020 to April 26, 2020 (7 weeks). 86,600+ fully qualified domain names are classified as “high-risk” or “malicious” (C2, malware, or phishing), spread across various regions , as shown in Figure 1. The United States ...
- Oracle: Unpatched Versions of WebLogic App Server Under Active Attack
May 4, 2020
Oracle is urging customers to fast-track a patch for a critical flaw in its WebLogic Server under active attack. The company said it has received numerous reports that attackers were targeting the vulnerability patched last month. Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications. The server has a remote ...
- Airplane Hack Exposes Weaknesses of Alert and Avoidance Systems
May 4, 2020
The aircraft safety system known as the Traffic Alert and Collision Avoidance System (TCAS) can be coerced into sending an airplane on a mid-air rollercoaster ride – much to the horror of those onboard. Researchers were able to cobble together an effective method for spoofing the TCAS using a $10 USB-based Digital Video Broadcasting dongle and ...