Table of Contents
In this week’s Security Advisory
- Fortinet Auth Bypass Vulnerability Under Active Exploitation
- Atlassian Releases December Patch Cycle
- Notepad++ Patches Data Exfiltration Vulnerability
- Apple Patches Two Zero-Days Tied to Mysterious Exploited Chrome Flaw
Fortinet Auth Bypass Vulnerability Under Active Exploitation
It has now been confirmed that attackers are exploiting a recently patched vulnerability, CVE-2025-59718 (CVSS 9.8/10), to bypass
authentication on Fortinet’s FortiGate firewalls, that have SSO enabled, and are leveraging the achieved access to export their system configuration files.
Of note, CyberMaxx has already applied patches to our own equipment.
More Reading / Information
Original Advisory:
Fortinet has patched 18 vulnerabilities in its products, including two critical severity vulnerabilities that can allow an attacker to bypass authentication. Those vulnerabilities, CVE-2025-59718 and CVE-2025-59719 (CVSS 9.8/10), impact FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager and are caused by an improper cryptographic signature.
Affected Versions
- A full list of affected versions can be found here.
Recommendations
- Apply the latest patches.
More Reading / Information
- https://fortiguard.fortinet.com/psirt?filter=1&version=&keyword=
- https://www.securityweek.com/fortinet-patches-critical-authentication-bypass-vulnerabilities/
Atlassian Releases December Patch Cycle
Atlassian has released patches for nine critical severity vulnerabilities affecting third-party dependencies in its Bamboo, Confluence, Fisheye/Crucible, and Jira Data Center and Server instances. This patching cycle also includes fixes for 24 high severity vulnerabilities. If exploited, these vulnerabilities can lead to Denial-of-Service and privilege escalation.
Affected Versions
- A full list of affected versions can be found here.
Recommendations
- Apply the latest patches.
More Reading / Information
- https://confluence.atlassian.com/security/security-bulletin-december-11-2025-1689616574.html
- https://www.securityweek.com/atlassian-patches-critical-apache-tika-flaw/
Notepad++ Patches Data Exfiltration Vulnerability
Notepad++ released a new version recently to fix a vulnerability within its WinGUp update tool after users reported that the updater retrieved malicious executables instead of legitimate update packages. According to the reporter, a malicious executable would run recon commands and store the output in a .txt file. The autoupdater.exe would then exfiltrate the .txt file to a file and text-sharing website previously used in malware campaigns. The newest update will prevent updates from being installed that are not signed with the developer’s code-signing certificate. Notepad++ is investigating the source of the initial compromise and stated they will provide an update after a thorough investigation is completed.
Affected Versions
- Versions before 8.8.8.
Recommendations
- Upgrade to the latest version 8.8.9.
More Reading / Information
- https://community.notepad-plus-plus.org/topic/27298/notepad-v8-8-9-vulnerability-fix
- https://www.bleepingcomputer.com/news/security/notepad-plus-plus-fixes-flaw-that-let-attackers-push-malicious-update-files/
Apple Patches Two Zero-Days Tied to Mysterious Exploited Chrome Flaw
Apple has released macOS and iOS updates to patch multiple vulnerabilities, including two zero-day exploits that have been targeted in attacks. These vulnerabilities impact WebKit, the browser engine present in Safari, iOS, iPadOS, macOS, tvOS, watchOS, and visionOS. CVE-2025-14174 is described as a memory corruption issue, while CVE-2025-43529 is classified as a use-after-free bug. They can both be exploited using maliciously crafted web content to execute arbitrary code.
Affected Versions
- A full list of affected versions can be found here.
Recommendations
- Apply the latest patches.
More Reading / Information
- https://www.securityweek.com/apple-patches-two-zero-days-tied-to-mysterious-exploited-chrome-flaw/
- https://support.apple.com/en-us/100100
Recommendations
Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to “vendor-supported versions” only. This dramatically increases the likelihood that new vulnerabilities have a patch issued for them. Likewise, CyberMaxx strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.
