CVE-2025-10387 is a medium-severity SQL Injection vulnerability found in the Jasmin Ransomware product developed by codesiddhant, affecting versions up to 1.0.1. The vulnerability resides in the /handshake.php file, where multiple input parameters including machine_name, computer_user, os, date, time, ip, location, systemid, and password are improperly sanitized, allowing an attacker to inject malicious SQL code. This flaw enables remote attackers to manipulate backend database queries without requiring authentication or user interaction, potentially leading to unauthorized data access or modification. The vulnerability was publicly disclosed on September 14, 2025, with a CVSS 4.0 base score of 5.3, indicating a medium level of severity. The vendor was contacted but did not respond or provide a patch, and no known exploits have been observed in the wild yet. The attack vector is network-based with low attack complexity and no privileges or user interaction needed, but the impact on confidentiality, integrity, and availability is limited to low levels individually, resulting in the overall medium severity rating. Given the nature of the product as ransomware, the presence of an SQL injection vulnerability in its handshake mechanism could be leveraged by threat actors to compromise the ransomware’s operational infrastructure or manipulate victim data, potentially increasing the threat landscape around this malware family.

For European organizations, this vulnerability poses a risk primarily if they are targeted by or involved with the Jasmin Ransomware ecosystem, either as victims or indirectly through compromised infrastructure. The SQL injection flaw could allow attackers to extract sensitive information from the ransomware’s backend or disrupt its operations, which might lead to increased ransomware activity or data leakage. While the direct impact on organizations depends on their exposure to this ransomware variant, the vulnerability could facilitate more sophisticated ransomware campaigns or data breaches. This is particularly concerning for sectors with critical infrastructure or sensitive data, such as finance, healthcare, and government entities in Europe. Additionally, the lack of vendor response and patch availability increases the risk of exploitation over time. European organizations should be vigilant about ransomware threats and monitor for any signs of this vulnerability being exploited in the wild.

Since no official patch is available, European organizations should implement specific mitigations to reduce risk: 1) Network segmentation and strict firewall rules to limit exposure of systems potentially interacting with Jasmin Ransomware infrastructure. 2) Deploy Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection attempts targeting /handshake.php or similar endpoints. 3) Monitor network traffic and logs for unusual or suspicious requests containing SQL injection patterns or abnormal parameter values related to machine_name, computer_user, os, etc. 4) Employ threat intelligence feeds to stay updated on any emerging exploits or indicators of compromise related to CVE-2025-10387. 5) Conduct internal security assessments and penetration tests simulating SQL injection attacks to identify and remediate similar vulnerabilities in proprietary or third-party software. 6) Educate security teams about this vulnerability and ensure incident response plans include scenarios involving ransomware infrastructure compromise. 7) Consider deploying endpoint detection and response (EDR) solutions capable of detecting ransomware activity and anomalous database queries. These targeted actions go beyond generic advice and focus on reducing the attack surface and early detection of exploitation attempts.