A recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication using a crafted SAML message, ultimately gaining administrative access to the device.
Current information indicates that the two CVEs have the same root cause and are differentiated by the products affected: CVE-2025-59719 specifically affects FortiWeb, while CVE-2025-59718 affects FortiOS, FortiProxy, and FortiSwitchManager. While the vulnerable FortiCloud SSO feature is disabled by default in factory settings, it is automatically enabled when a device is registered to FortiCare via the GUI, unless an administrator explicitly opts out.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- SORA and UNSTABLE: 2 Mirai Variants Target Video Surveillance Storage Systems
February 5, 2020
Trend Micro researchers encountered two variants of the notorious internet of things (IoT) malware, Mirai, employing a new propagation method. The two variants, namely SORA (detected as IoT.Linux.MIRAI.DLEU) and UNSTABLE (detected as IoT.Linux.MIRAI.DLEV), gain entry through Rasilient PixelStor5000 video surveillance storage systems by exploiting CVE-2020-6756. Mirai is a type of malware that actively searches for IoT devices with vulnerabilities, infects them, and turns ...
- Gamaredon APT Improves Toolset to Target Ukraine Government, Military
February 5, 2020
The Gamaredon advanced persistent threat (APT) group has been supercharging its operations lately, improving its toolset and ramping up attacks on Ukrainian national security targets. Vitali Kremez, head of SentinelLabs, said in research released on Wednesday that he has been tracking an uptick in Gamaredon cyberattacks on Ukrainian military and security institutions that started in December. ...
- Ransomware Attack Hinders Toll Group Operations
February 4, 2020
Australian transportation and logistics giant Toll Group said a ransomware attack is to blame for several key services being debilitated and delivery operations being delayed over the past week. Toll Group, a subsidiary of Japan Post Holdings, is a freight and delivery service company operating across more than 1,200 locations in 50 countries. The company is ...
- Twitter API Abused to Uncover User Identities
February 4, 2020
Twitter said that malicious actors, with potential ties to state-sponsored groups, were abusing a legitimate function on its platform to unmask the identity of users. The social media giant said that on Dec. 24, 2019, it discovered a large network of fake accounts abusing a legitimate API (application programming interface) function on its platform that, when ...
- U.S. Battleground County Website Security Survey
February 3, 2020
Today McAfee released the results of a survey of county websites and county election administration websites in the 13 states projected as battleground states in the 2020 U.S. presidential elections. We found that significant majorities of these websites lacked the official government .GOV website validation and HTTPS website security measures to prevent malicious actors from launching copycat web domains ...
- Only three of the Top 100 international airports pass basic security checks
February 3, 2020
Only three of the world’s Top 100 international airports pass basic security checks, according to a report published last week by cyber-security firm ImmuniWeb. The three are the Amsterdam Schiphol Airport in the Netherlands, the Helsinki Vantaa Airport in Finland, and the Dublin International Airport in Ireland. According to ImmuniWeb, these three “may serve a laudable example not just to the ...