Threat actors are actively exploiting two recently disclosed vulnerabilities in Fortinet FortiGate devices (CVE-2025-59718 and CVE-2025-59719) to bypass authentication and conduct malicious activities. Organizations are urged to apply patches promptly and limit access to mitigate the ongoing threat.
Key points
- Cybercriminals are exploiting two critical FortiGate security flaws less than a week after their disclosure.
- The vulnerabilities enable unauthenticated bypass of SSO login through crafted SAML messages when FortiCloud SSO is enabled.
- Attackers are using IP addresses from specific hosting providers to perform malicious SSO logins and export configurations.
- Fortinet has released patches, and organizations should disable FortiCloud SSO and restrict access to management interfaces as temporary mitigations.
- Threat actors may crack hashed credentials offline, so firewall credentials must be reset wherever a configuration has been compromised.
Read More: https://thehackernews.com/2025/12/fortinet-fortigate-under-active-attack.html