Threat actors have exploited recently patched vulnerabilities in Fortinet devices within days of their release, leading to unauthorized access and configuration theft. Experts advise immediate action to detect malicious activity and secure systems against further attacks. #FortinetVulnerabilities #FortiOS #FortiWeb
Keypoints
-
<li Threat actors exploited Fortinet vulnerabilities CVE-2025-59718 and CVE-2025-59719 shortly after patches were issued.
- The flaws allow bypassing FortiCloud SSO login authentication via crafted SAML responses.
- Exploited attacks primarily targeted admin accounts through malicious SSO logins from multiple hosting providers.
- Post-login activities included exporting device configurations containing hashed credentials for offline cracking.
- Fortinet recommends disabling the βAllow administrative login using FortiCloud SSOβ feature and applying the latest patches.
Read More: https://www.securityweek.com/in-the-wild-exploitation-of-fresh-fortinet-flaws-begins/