CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Vulnerabilities

In-the-Wild Exploitation of Fresh Fortinet Flaws Begins

Threat actors are exploiting the two critical authentication bypass vulnerabilities against FortiGate appliances. The post In-the-Wild Exploitation of Fresh Fortinet Flaws Begins appeared first on SecurityWeek.

Fortinet vulnerability

Threat actors have started exploiting two recent Fortinet vulnerabilities only days after patches were released, Arctic Wolf warns.

The two flaws, tracked as CVE-2025-59718 and CVE-2025-59719 (CVSS score of 9.8), are described as improper verification of cryptographic signature issues impacting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager.

Fortinet rolled out fixes for the two bugs on December 9, warning that they can be exploited via crafted SAML response messages to bypass the FortiCloud SSO login authentication.

While disabled in default factory settings, SSO login authentication is enabled when an administrator registers a new device to FortiCare, unless they specifically disable the feature from the registration page.

Arctic Wolf says it observed threat actors exploiting the critical-severity authentication bypass defects starting December 12, only three days after patches were released.

As part of the observed intrusions, the malicious SSO logins on FortiGate devices typically targeted the admin account and originated from multiple hosting providers.

Following successful logins, the threat actors exported device configurations via the GUI interface.

The configuration files, Arctic Wolf points out, contain hashed credentials, and threat actors are known to crack the hashes offline.

Administrators are advised to hunt for potential malicious activity and to reset credentials if any is discovered. Access to the firewall management interface should be restricted to trusted internal networks.

Patches for the exploited Fortinet vulnerabilities were included in FortiOS versions 7.6.4, 7.4.9, 7.2.12, and 7.0.18, FortiProxy versions 7.6.4, 7.4.11, 7.2.15, and 7.0.22, FortiSwitchManager versions 7.2.7 and 7.0.6, and FortiWeb versions 8.0.1, 7.6.5, and 7.4.10.

Fortinet recommends disabling the ‘Allow administrative login using FortiCloud SSO’ feature to prevent exploitation.

Related: Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery

Related: Apple Patches Two Zero-Days Tied to Mysterious Exploited Chrome Flaw

Related: Gladinet CentreStack Flaw Exploited to Hack Organizations

Related: Recent GeoServer Vulnerability Exploited in Attacks

Latest News

CYBERNEWSMEDIAPublisher