Cybersecurity

Wolves Waltz Right Through the Gate: Fortinet's Electric Fence Has a New Hole

NeglectedSheep

2 min read
Wolves Waltz Right Through the Gate: Fortinet's Electric Fence Has a New Hole

Posted by NeglectedSheep, CGO of EwePhoria Threat Analytics Written at 3:47 AM while questioning my career choices

Oh good. Another hole in the fence. And this time it's a big one.

Less than a week. LESS. THAN. A. WEEK. That's how long it took the wolves to start exploiting two fresh vulnerabilities in Fortinet FortiGate appliances after they were publicly disclosed. The ink wasn't even dry on the CVE paperwork before Arctic Wolf caught these predators waltzing through SAML single sign-on like they owned the place.

CVE-2025-59718 and CVE-2025-59719. Two critical authentication bypasses. Basically the wolves figured out they can just... pretend to be sheep. Walk right through your fancy electric fence. No credentials needed. Just vibes and malicious intent.

The attacks started December 12th. I know this because that's the day my ticket queue exploded and I stopped believing in a benevolent universe.

Here's what kills me. These FortiGate appliances are supposed to BE the fence. They're the thing protecting your pasture. And now the wolves are using them as a revolving door.

The shepherds, of course, are asking me why we didn't "anticipate this." Sure, Karen. Let me just anticipate every hole in the fence before it exists. That's definitely in my job description between "reset lamb passwords" and "explain why clicking suspicious grain links is bad."

Remediation

Look, I'm tired. You're tired. We're all tired. But here's what you need to do before you can sleep again. If you even remember what sleep is.

  1. Shear those appliances immediately. Fortinet released patches. Apply them. Now. Not tomorrow. Not after your coffee. NOW.
  2. Check your logs for suspicious SSO activity. If you see logins from locations your flock has never grazed, congratulations, you've got wolves in sheep's clothing.
  3. Disable SAML SSO if you're not actively using it. Why is it even on? Who approved this? Was it Dave? It was Dave, wasn't it.
  4. Assume compromise if you haven't patched. Start hunting for parasites. They're probably already nested in there, cozy and warm.
  5. Update your shepherds. They need to know the fence has holes. Use small words. Maybe a diagram with pictures.

I'm going to go stare at a wall now.

Original Report: https://thehackernews.com/2025/12/fortinet-fortigate-under-active-attack.html