Key points:
- Arctic Wolf reports a surge in attacks exploiting Fortinet vulnerabilities since December 12, 2025.
- CVE-2025-59718 and CVE-2025-59719 allow attackers to bypass FortiCloud SSO authentication.
- CISA has added CVE-2025-59718 to its Known Exploited Vulnerabilities catalog, urging immediate remediation.
- Organizations are advised to disable FortiCloud SSO, apply patches, and rotate credentials to mitigate risks.
- Exfiltrated configuration files could lead to targeted attacks and network compromises.
Sources:
CSO Online
(1 articles)