
CVE-2025-6007: SQL Injection in kiCode111 like-girl

Severity: Medium
Published: Thu Jun 12 2025 (06/12/2025, 02:00:18 UTC)
Source: CVE Database V5
Vendor/Project: kiCode111
Product: like-girl

Description

A vulnerability, which was classified as critical, was found in kiCode111 like-girl 5.2.0. Affected is an unknown function of the file /admin/CopyadminPost.php. The manipulation of the argument icp/Copyright leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 06/12/2025, 02:23:54 UTC

Technical Analysis

CVE-2025-6007 is a SQL Injection vulnerability identified in version 5.2.0 of the kiCode111 like-girl web application, specifically within an unspecified function in the /admin/CopyadminPost.php file. The vulnerability arises from improper sanitization or validation of the 'icp/Copyright' parameter, which can be manipulated by an attacker to inject malicious SQL commands. This flaw allows remote attackers to execute arbitrary SQL queries on the backend database without requiring authentication or user interaction. Although the vendor was notified early, no response or patch has been issued, and while no known exploits are currently observed in the wild, the exploit code has been publicly disclosed. The vulnerability has been assigned a CVSS v4.0 base score of 5.1, categorized as medium severity, reflecting a network attack vector with low complexity and no required privileges or user interaction. The impact on confidentiality, integrity, and availability is rated low, indicating limited potential for severe damage or data leakage under typical conditions. However, the presence of a SQL Injection in an administrative endpoint suggests potential for unauthorized data access or modification if exploited effectively. The lack of vendor response and patch availability increases the risk for organizations using this specific version of the product.

Potential Impact

For European organizations using kiCode111 like-girl version 5.2.0, this vulnerability poses a moderate risk primarily to the confidentiality and integrity of their data. Exploitation could allow attackers to extract sensitive information, modify or delete data, or potentially escalate privileges within the application’s database. Given the vulnerability is remotely exploitable without authentication, attackers could target exposed administrative interfaces, leading to unauthorized access to backend systems. The impact is somewhat mitigated by the low CVSS score, indicating limited scope and impact; however, organizations with critical data or regulatory compliance requirements (e.g., GDPR) could face significant legal and reputational consequences if data is compromised. Additionally, the lack of vendor remediation increases exposure time. The threat is particularly relevant for sectors relying on this software for administrative or content management functions, including SMEs and niche service providers in Europe. The absence of known exploits in the wild reduces immediate risk but does not eliminate the potential for future attacks, especially given public exploit disclosure.

Mitigation Recommendations

1. Immediate mitigation should involve restricting access to the /admin/CopyadminPost.php endpoint via network controls such as IP whitelisting, VPN-only access, or web application firewalls (WAFs) with custom rules to detect and block SQL injection patterns targeting the 'icp/Copyright' parameter.
2. Conduct thorough input validation and sanitization on all parameters, especially those used in SQL queries, employing parameterized queries or prepared statements to prevent injection.
3. Monitor application logs and database query logs for unusual or suspicious activity indicative of SQL injection attempts.
4. If possible, upgrade to a later, patched version of like-girl once available or apply vendor-provided patches promptly.
5. In the absence of vendor patches, consider isolating the affected application in a segmented network zone to limit potential lateral movement.
6. Perform regular security assessments and penetration testing focused on injection vulnerabilities.
7. Educate administrators and developers about secure coding practices and the risks of SQL injection.
8. Implement database-level restrictions such as least privilege for the application database user to minimize damage from potential exploitation.
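The following PHP handler is an added illustration of recommendation 2 (prepared statements) and is not code from like-girl or from its author; the real contents of /admin/CopyadminPost.php are not public on this page. The table name `site_config`, its columns `icp` and `copyright`, the length limits, the database credentials and the `admin_id` session key are all assumptions. It shows the string-concatenation pattern that produces this class of bug next to a hardened version that binds the 'icp' and 'Copyright' request parameters as PDO placeholders and refuses the request unless it arrives as an authenticated POST.

```php
<?php
// Added example, not code from the like-girl project. Table, column and session names are assumptions.
declare(strict_types=1);

function connect(): PDO
{
    // DSN and credentials are placeholders. ERRMODE_EXCEPTION makes failures visible instead of
    // silently ignored; disabling emulated prepares makes the server bind the placeholders itself.
    $pdo = new PDO('mysql:host=127.0.0.1;dbname=likegirl;charset=utf8mb4', 'likegirl_app', 'PLACEHOLDER_PASSWORD');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    return $pdo;
}

// The bug class described above: untrusted request values are concatenated straight into the SQL text,
// so a quote character inside either value becomes part of the query's structure instead of its data.
function updateCopyrightUnsafe(PDO $pdo, string $icp, string $copyright): void
{
    $sql = "UPDATE site_config SET icp = '$icp', copyright = '$copyright' WHERE id = 1";
    $pdo->exec($sql);
}

// Hardened form: the query text is fixed and the values travel separately as bound parameters.
// The length check is defence in depth (assumed limits), not the thing that prevents injection.
function updateCopyrightSafe(PDO $pdo, string $icp, string $copyright): bool
{
    if (mb_strlen($icp) > 100 || mb_strlen($copyright) > 255) {
        return false;
    }
    $stmt = $pdo->prepare('UPDATE site_config SET icp = :icp, copyright = :copyright WHERE id = 1');
    $stmt->execute([':icp' => $icp, ':copyright' => $copyright]);
    return true;
}

// Request handling: an admin-only endpoint should require an authenticated session and a POST
// before it touches the database at all, which also closes the "no authentication" part of the finding.
session_start();
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || empty($_SESSION['admin_id'])) {
    http_response_code(403);
    exit;
}

$icp       = (string) ($_POST['icp'] ?? '');
$copyright = (string) ($_POST['Copyright'] ?? '');

$ok = updateCopyrightSafe(connect(), $icp, $copyright);
http_response_code($ok ? 200 : 400);
```

The key difference is that `updateCopyrightSafe` never lets the request values influence the shape of the statement, so the same input that would break `updateCopyrightUnsafe` is simply stored as a string. Pair this with recommendation 8: the `likegirl_app` database user assumed here should hold only UPDATE on the settings table, not rights over the whole schema, so a residual injection elsewhere in the application has less to work with.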


Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-06-11T18:52:59.080Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 684a369d358c65714e69ea9e

Added to database: 6/12/2025, 2:08:29 AM

Last enriched: 6/12/2025, 2:23:54 AM

Last updated: 8/19/2025, 1:21:46 PM
