Login Sign Up

CVE-2025-6095

7.3 HIGH
SQL Injection Authentication Bypass

📋 TL;DR

CVE-2025-6095 is a critical SQL injection vulnerability in Jasmin Ransomware 1.0.1 that allows remote attackers to execute arbitrary SQL commands via the username or password parameters in /checklogin.php. This affects anyone running this specific ransomware software version. The vulnerability could lead to authentication bypass, data theft, or ransomware deployment.

💻 Affected Systems

Products:
  • codesiddhant Jasmin Ransomware
Versions: 1.0.1
Operating Systems: Unknown
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific ransomware software; legitimate systems are not impacted unless running this malicious software.

📦 What is this software?

Jasmin Ransomware by Codesiddhant

View all CVEs affecting Jasmin Ransomware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise leading to ransomware deployment, data exfiltration, and lateral movement within the network.

🟠

Likely Case

Authentication bypass allowing unauthorized access to the ransomware control panel, potentially enabling attackers to deploy ransomware payloads.

🟢

If Mitigated

Limited impact with proper input validation and SQL injection protections in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub repositories, making this easily exploitable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None

Vendor Advisory: None

Restart Required: No

Instructions:

No official patch available. Remove the software immediately as it is malicious ransomware.

🔧 Temporary Workarounds

Remove Jasmin Ransomware

all

Completely uninstall and remove the Jasmin Ransomware software from all systems.

rm -rf /path/to/jasmin_ransomware/
Remove via system uninstaller if available

Block Access to /checklogin.php

linux

Use web server configuration to block access to the vulnerable endpoint.

# Apache: <Location "/checklogin.php"> Require all denied </Location>
# Nginx: location /checklogin.php { deny all; }

🧯 If You Can't Patch

  • Isolate affected systems from network access immediately.
  • Implement strict network segmentation to prevent lateral movement.

🔍 How to Verify

Check if Vulnerable:

Check if Jasmin Ransomware 1.0.1 is installed on the system and if /checklogin.php exists.

Check Version:

Check installation directory or system logs for Jasmin Ransomware 1.0.1 references

Verify Fix Applied:

Verify the software has been completely removed and /checklogin.php is no longer accessible.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in application logs
  • Multiple failed login attempts followed by successful authentication
  • Access to /checklogin.php with SQL injection patterns

Network Indicators:

  • HTTP requests to /checklogin.php with SQL payloads in parameters
  • Unusual outbound connections following authentication

SIEM Query:

source="web_logs" AND uri_path="/checklogin.php" AND (username="*' OR*" OR password="*' OR*")

📊 Metadata

CVE ID: CVE-2025-6095
CVSS v3 Score: 7.3 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-74
EPSS Score: 24.66% exploit probability (96th percentile)
Published: June 15, 2025
Last Updated: November 14, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-6095, you might also want to check these:

CVE-2026-25520 10.0

SandboxJS versions before 0.8.29 have a critical sandbox escape vulnerability that allows attackers ...

Same vulnerability type (CWE-74)
CVE-2026-25586 10.0

This CVE describes a sandbox escape vulnerability in SandboxJS library versions before 0.8.29. Attac...

Same vulnerability type (CWE-74)
CVE-2025-20281 10.0

An unauthenticated remote code execution vulnerability in Cisco ISE and ISE-PIC API allows attackers...

Same vulnerability type (CWE-74)