SQL Injection Vulnerability in Codesiddhant Jasmin Ransomware
CVE-2025-10387

5.3MEDIUM

Key Information:

Vendor

Codesiddhant

Status
Jasmin Ransomware
Vendor
CVE Published:
14 September 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-10387?

A vulnerability exists in the Codesiddhant Jasmin Ransomware affecting versions up to 1.0.1, specifically in the '/handshake.php' file. This flaw allows for SQL injection through manipulation of critical parameters such as machine_name, computer_user, os, date, time, ip, location, systemid, and password. The attack can be executed remotely, creating a risk of unauthorized database access and potential data compromise. Despite being contacted regarding this vulnerability, the vendor has not provided a response, raising concerns about the timeliness of remediation efforts.

Affected Version(s)

Jasmin Ransomware 1.0.0

Jasmin Ransomware 1.0.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-10387 - Proof of Concept

References

https://vuldb.com/?id.323822
vdb-entrytechnical-description
https://vuldb.com/?ctiid.323822
signaturepermissions-required
https://vuldb.com/?submit.644285
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

f10w3r (VulDB User)
.
CVE-2025-10387 : SQL Injection Vulnerability in Codesiddhant Jasmin Ransomware