CVE-2025-6095

codesiddhant Jasmin Ransomware checklogin.php sql injection

CVSS 6.9 MEDIUMEPSS 1.5%CWE-74 CWE-89

Vexday Risk Score

28Low

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 6.9EPSS 1.5%KEV nãoPoC —Nuclei —Metasploit simPatch —

Lifecycle

08 Apr 2023Metasploit module available

15 Jun 2025Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

A vulnerability, which was classified as critical, was found in codesiddhant Jasmin Ransomware 1.0.1. Affected is an unknown function of the file /checklogin.php. The manipulation of the argument username/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Affected products

codesiddhant · Jasmin Ransomware

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/YZS17/CVE/blob/main/Jasmin-Ransomware/sqli_password.md https://github.com/YZS17/CVE/blob/main/Jasmin-Ransomware/sqli_username.md https://vuldb.com/?ctiid.312564 https://vuldb.com/?id.312564 https://vuldb.com/?submit.588833 https://vuldb.com/?submit.588834