DeFi Hit by Novel Exploit Technique

Security researchers discovered novel CVE-2025-25257 variants targeting Fortinet honeypots using SQL injection via headers from AS12975, with CISA adding zlib flaws to their Known Exploited Vulnerabilities list. DeFi protocols continue facing BSC exploit transactions as attackers develop increasingly sophisticated methods. The attacks highlight ongoing smart contract vulnerabilities despite security improvements.

The vulnerability, identified as CVE-2025-25257, is a critical SQL injection flaw affecting Fortinet's FortiWeb web application firewall. It carries a high severity score of 9.8, allowing unauthenticated attackers to potentially achieve remote code execution (RCE). This specific exploit works by inserting malicious SQL commands into the "Authorization" HTTP header. The system's `get_fabric_user_by_token` function fails to properly sanitize this input, creating the opening for attackers to execute unauthorized database commands.

The observed attacks originated from AS12975, an autonomous system number registered to the Palestine Telecommunications Company (PALTEL). This entity is a major internet service provider in the region.

CISA's addition of zlib flaws to its Known Exploited Vulnerabilities (KEV) catalog follows active exploits of similar bugs, such as CVE-2025-14847 in MongoDB. That vulnerability, nicknamed "MongoBleed," allowed unauthenticated attackers to leak sensitive server memory due to an issue in the zlib data compression library.

Binance Smart Chain (BSC) has previously been the target of massive exploits, including a $570 million hack of its official cross-chain bridge, the BSC Token Hub. In that incident, an attacker found a way to forge proofs, allowing them to mint 2 million BNB tokens without authorization.

The targeting of honeypots, decoy systems designed to attract and analyze cyberattacks, is a significant tactic. By attacking these traps, hackers can test their exploit methods in what they believe is a live environment, while security teams gather intelligence on their techniques.
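The bug class described above, a token taken from the Authorization header and concatenated into a SQL query, is illustrated here with an added example that is not FortiWeb's code: a hypothetical `lookup_vulnerable` built by string formatting beside a `lookup_hardened` that binds the same value as a query parameter. The table name, the stored token and the in-memory SQLite database are all constructed for the demonstration.

```python
import sqlite3


def build_db():
    # Constructed in-memory token store; not FortiWeb's schema.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE fabric_users (id INTEGER PRIMARY KEY, name TEXT, token TEXT)"
    )
    conn.execute(
        "INSERT INTO fabric_users (name, token) VALUES ('admin', 'secret-token-123')"
    )
    conn.commit()
    return conn


def bearer_token(auth_header):
    # Pull the token out of "Bearer <token>"; reject anything else.
    scheme, _, token = auth_header.partition(" ")
    if scheme.lower() != "bearer" or not token:
        return None
    return token


def lookup_vulnerable(conn, auth_header):
    # Hypothetical vulnerable pattern: the header value becomes part of the SQL text,
    # so quote characters in it change the query's meaning.
    token = bearer_token(auth_header)
    if token is None:
        return None
    sql = f"SELECT name FROM fabric_users WHERE token = '{token}'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_hardened(conn, auth_header):
    # Parameterized query: the header value is bound as data and never parsed as SQL,
    # so the same input only ever matches a token that is literally equal to it.
    token = bearer_token(auth_header)
    if token is None:
        return None
    row = conn.execute(
        "SELECT name FROM fabric_users WHERE token = ?", (token,)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = build_db()
    print(lookup_vulnerable(db, "Bearer secret-token-123"))  # admin
    print(lookup_hardened(db, "Bearer secret-token-123"))    # admin
```

A useful check when reviewing similar code is that every query taking request-derived input goes through the parameterized path; the vulnerable form only differs from the hardened one by where the header value enters the statement.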
