CVE-2025-6095
published 2025-06-15


Severity: critical, CVSS 3.1 base score 9.8
Priority: P2 (69)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: public
EPSS: 1.53% (71.6th percentile)
A vulnerability, which was classified as critical, was found in codesiddhant Jasmin Ransomware 1.0.1. Affected is an unknown function of the file /checklogin.php. The manipulation of the argument username/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected (2 ranges)

Vendor        Product             Version range   Fixed in
codesiddhant  jasmin-ransomware   (not listed)    (none)
codesiddhant  jasmin_ransomware   (not listed)    (none)

Detection & IOCs (extracted from sources)

Path: /checklogin.php
  • Monitor HTTP requests targeting /checklogin.php for SQL injection payloads in the 'username' and/or 'password' POST parameters; these are the manipulated arguments in this unauthenticated SQLi.
  • The attack is remotely exploitable with no authentication required: treat any external access to /checklogin.php with anomalous parameter values (e.g., SQL metacharacters, quote-tautologies such as ' or '1'='1, UNION/SELECT keywords) as a high-priority alert.
  • A public Metasploit auxiliary module (gather/jasmin_ransomware_sqli) exists for this vulnerability; look for Metasploit-characteristic HTTP request patterns (e.g., default User-Agent strings) against /checklogin.php.
  • All versions of Jasmin Ransomware are considered vulnerable; the last patch was in 2021 and the vendor did not respond to disclosure, making a fix unlikely. No version can be considered safe.
  • Exploitation can be used to exfiltrate victim data or harvest login credentials; credential harvesting is noted as significantly faster than full data retrieval, so expect rapid follow-on login attempts from the same source after SQLi exploitation.
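The two detection ideas above (SQLi payloads in the login parameters, then follow-on logins from the same source) as runnable detection logic. This is an added example written for this page, not code from the advisory, the Metasploit module or the Jasmin project. It assumes a reverse proxy or WAF that logs each request together with its decoded form body (the `body` field), since a standard access log does not record POST parameters; the record format, the field names and every sample line are constructed for illustration.

```python
"""Detection example for CVE-2025-6095 (SQLi in Jasmin Ransomware /checklogin.php).

Added example, not code from the advisory or the Jasmin project.  Assumes a
proxy/WAF log that carries the form body of each request; the record layout
(ts, src, method, path, body) and all sample records below are constructed.
"""
import re
from datetime import datetime, timedelta
from urllib.parse import parse_qs, unquote_plus

TARGET_PATH = "/checklogin.php"
WATCHED_PARAMS = ("username", "password")   # the manipulated arguments in the advisory
FOLLOW_ON_WINDOW = timedelta(minutes=10)     # assumption: tune to your environment

# Patterns that should not appear in a legitimate submission to this login form.
# The comment rule is deliberately narrow ("-- " or quote then "#") so that
# passwords like "Tr0ub4dor#&3" do not fire it.
SQLI_PATTERNS = [
    ("sql-comment",     re.compile(r"(--\s|--$|/\*|['\"]\s*#)")),
    ("quote-tautology", re.compile(r"['\"]\s*(or|and)\s+['\"\d]", re.I)),
    ("union-select",    re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S)),
    ("time-based",      re.compile(r"\b(sleep|benchmark|waitfor)\b", re.I)),
    ("stacked-query",   re.compile(r";\s*(select|insert|update|delete|drop)\b", re.I)),
]


def classify_value(value: str):
    """Names of the patterns matched by one parameter value.

    parse_qs already percent-decodes once; decoding a second time catches
    double-encoded payloads at the cost of also decoding literal %xx in values.
    """
    decoded = unquote_plus(value)
    return [name for name, rx in SQLI_PATTERNS if rx.search(decoded)]


def inspect_request(rec: dict):
    """Finding for one POST to the login form, or None if nothing matched."""
    if rec["path"] != TARGET_PATH or rec["method"] != "POST":
        return None
    params = parse_qs(rec["body"], keep_blank_values=True)
    reasons = {}
    for name in WATCHED_PARAMS:
        for value in params.get(name, []):
            hits = classify_value(value)
            if hits:
                reasons[name] = hits
    if not reasons:
        return None
    return {"ts": rec["ts"], "src": rec["src"], "kind": "sqli", "reasons": reasons}


def detect(records):
    """Run both detections over the records (any order; sorted by time here).

    1. SQLi payloads in username/password sent to /checklogin.php.
    2. Follow-on logins: once a source has produced a SQLi hit, any further
       clean POST to the login form from that source inside FOLLOW_ON_WINDOW
       is flagged, because harvested credentials tend to be tried quickly.
    """
    findings = []
    last_sqli = {}   # src -> time of its most recent SQLi hit
    for rec in sorted(records, key=lambda r: r["ts"]):
        finding = inspect_request(rec)
        if finding:
            findings.append(finding)
            last_sqli[rec["src"]] = rec["ts"]
            continue
        if rec["path"] == TARGET_PATH and rec["method"] == "POST":
            seen = last_sqli.get(rec["src"])
            if seen is not None and rec["ts"] - seen <= FOLLOW_ON_WINDOW:
                findings.append({"ts": rec["ts"], "src": rec["src"], "kind": "follow-on-login"})
    return findings


# Constructed sample log: one benign login, an auth-bypass attempt, a UNION
# extraction attempt, a follow-on login with harvested credentials, a GET, and
# a benign login whose password contains "#" and "&".
T0 = datetime(2025, 6, 15, 10, 0, 0)
SAMPLE_LOG = [
    {"ts": T0,                          "src": "10.0.0.5",    "method": "POST", "path": "/checklogin.php",
     "body": "username=alice&password=Winter2025"},
    {"ts": T0 + timedelta(minutes=1),   "src": "203.0.113.7", "method": "POST", "path": "/checklogin.php",
     "body": "username=admin%27+or+%271%27%3D%271--+&password=x"},
    {"ts": T0 + timedelta(minutes=2),   "src": "203.0.113.7", "method": "POST", "path": "/checklogin.php",
     "body": "username=x&password=%27+union+select+username%2Cpassword+from+admin--+"},
    {"ts": T0 + timedelta(minutes=5),   "src": "203.0.113.7", "method": "POST", "path": "/checklogin.php",
     "body": "username=admin&password=Hunter2"},
    {"ts": T0 + timedelta(minutes=5),   "src": "198.51.100.9", "method": "GET", "path": "/checklogin.php",
     "body": ""},
    {"ts": T0 + timedelta(minutes=6),   "src": "10.0.0.5",    "method": "POST", "path": "/checklogin.php",
     "body": "username=bob&password=Tr0ub4dor%23%263"},
]

if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f["ts"].time(), f["src"], f["kind"], f.get("reasons", ""))
```

Run on the sample log this reports the two injection attempts from 203.0.113.7 and the clean login from the same address three minutes later as a follow-on, and stays quiet on both internal logins. The password field is the noisy one in practice; if it produces false positives, keep the quote-tautology and union-select rules and relax the others. The Metasploit User-Agent hint from the page is not encoded here because the default string varies by version; add the values you observe from your own runs of the module as an extra rule.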

CVSS provenance

NVD, CVSS v3.1: 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
NVD, CVSS v4.0: 5.5 MEDIUM (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
NVD, CVSS v2.0: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)

The three scores agree on the exploitability side (network, low complexity, no privileges or user interaction) and differ only in the impact rating: v3.1 scores confidentiality, integrity and availability as High, while the v4.0 vector rates all three as Low with exploit maturity Proof-of-Concept, which is what drops it to 5.5. Prioritize on the v3.1 figure if a SQLi against an unauthenticated login form is treated as full database compromise in your environment.