In the cybersecurity world, the time between a “patch released” announcement and an “active attack started” warning is getting shorter and shorter. Two critical vulnerabilities (CVE-2025-59718 and CVE-2025-59719) affecting Fortinet devices, which Fortinet announced last week, were actively exploited by threat actors as of December 12, 2025, less than a week after their disclosure.
