VulnHub

Fortinet has reported that a five-year-old vulnerability in its FortiOS SSL VPN is being actively exploited. This flaw, identified as CVE-2020-12812, allows attackers to bypass two-factor authentication under specific configurations, enabling unauthorized access to systems. Organizations using affected versions of FortiOS SSL VPN should be particularly vigilant, as this vulnerability could lead to significant security breaches. The issue emphasizes the need for users to ensure their VPN configurations are secure and up-to-date. Fortinet's warning serves as a critical reminder of the importance of addressing known vulnerabilities, even those that have been around for several years.

Researchers at Arctic Wolf have reported that attackers are actively exploiting a vulnerability in Fortinet's FortiGate firewalls, identified as CVE-2025-59718. This flaw allows unauthorized access to the firewalls, enabling attackers to export sensitive system configuration files. These files can reveal critical information about the network, security policies, and even encrypted passwords, which could facilitate further attacks. Organizations using FortiGate firewalls should take immediate action to protect their systems, as the risk of a security breach is significant due to the data that can be accessed through this vulnerability. The situation underscores the importance of timely updates and security measures to safeguard network infrastructure.

Fortinet FortiGate devices are currently under active attack due to two recently disclosed vulnerabilities, CVE-2025-59718 and CVE-2025-59719, which allow for authentication bypass through malicious single sign-on (SSO) logins. Cybersecurity firm Arctic Wolf reported observing these attacks on December 12, 2025, just days after the vulnerabilities were made public. This situation poses significant risks for organizations using FortiGate appliances, as attackers can potentially gain unauthorized access to sensitive systems. Companies using these devices should take immediate action to protect their networks and data from these ongoing intrusions.

Cybercriminals are currently exploiting two serious authentication bypass vulnerabilities in FortiGate appliances. These flaws allow unauthorized access to systems, putting sensitive data at risk for organizations using these devices. Fortinet has confirmed that these vulnerabilities are being actively exploited in the wild, making it urgent for users to take action. Companies that rely on FortiGate appliances should prioritize applying available patches and updates to protect against potential intrusions. The situation underscores the need for vigilance in maintaining security measures, especially with rapidly evolving threats.

The Iranian hacking group MuddyWater has deployed a new backdoor known as UDPGangster, which utilizes the User Datagram Protocol for command-and-control operations. This targeted cyber espionage campaign is focused on users in Turkey, Israel, and Azerbaijan, highlighting the ongoing threat posed by state-sponsored hacking groups in the region.

This week, significant cybersecurity threats emerged as hackers exploited new 0-day vulnerabilities in Fortinet and Chrome, infiltrating supply chains and SaaS tools. The rapid response from major companies like Microsoft, Salesforce, and Google highlights the severity of these attacks and the ongoing challenges in securing trusted applications and software updates.

Fortinet is facing significant challenges as a second zero-day vulnerability in its web application firewall (WAF) has been discovered and is under attack. This situation raises concerns about the vendor's disclosure practices and the overall security of their products.

Fortinet has issued a warning regarding a medium-severity vulnerability in FortiWeb, tracked as CVE-2025-58034, which has been actively exploited in the wild. The flaw, categorized as an OS Command Injection vulnerability, could allow authenticated attackers to execute arbitrary commands on affected systems.