Attackers are exploiting auth bypass vulnerability on FortiGate firewalls (CVE-2025-59718)
Overview
Researchers at Arctic Wolf have reported that attackers are actively exploiting a vulnerability in Fortinet's FortiGate firewalls, identified as CVE-2025-59718. This flaw allows unauthorized access to the firewalls, enabling attackers to export sensitive system configuration files. These files can reveal critical information about the network, security policies, and even encrypted passwords, which could facilitate further attacks. Organizations using FortiGate firewalls should take immediate action to protect their systems, as the risk of a security breach is significant due to the data that can be accessed through this vulnerability. The situation underscores the importance of timely updates and security measures to safeguard network infrastructure.
Key Takeaways
- Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
- Affected Systems: Fortinet FortiGate firewalls, specifically affected by CVE-2025-59718 and CVE-2025-59719.
- Action Required: Organizations should apply any available patches from Fortinet for CVE-2025-59718 and CVE-2025-59719.
- Timeline: Newly disclosed
Original Article Summary
Attackers are exploiting a recently revealed vulnerability (CVE-2025-59718) to bypass authentication on Fortinet’s FortiGate firewalls, and are leveraging the achieved access to export their system configuration files, Arctic Wolf researchers warned on Tuesday. Configuration files can expose information about the underlying network and infrastructure, firewall and security policies, encrypted/hashed passwords, and more. Some of this data can come in handy for executing successfuly attacks at a later date. CVE-2025-59718 and CVE-2025-59719 Fortinet discovered CVE-2025-59718 and … More → The post Attackers are exploiting auth bypass vulnerability on FortiGate firewalls (CVE-2025-59718) appeared first on Help Net Security.
Impact
Fortinet FortiGate firewalls, specifically affected by CVE-2025-59718 and CVE-2025-59719.
Exploitation Status
This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.
Timeline
Newly disclosed
Remediation
Organizations should apply any available patches from Fortinet for CVE-2025-59718 and CVE-2025-59719. Regularly updating firewall configurations and ensuring strong authentication practices are also recommended to mitigate risks.
Additional Information
This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.
Related Topics: This incident relates to CVE, Fortinet, Vulnerability, and 1 more.