CVE-2025-6008 is a SQL Injection vulnerability identified in version 5.2.0 of the kiCode111 like-girl web application, specifically within the /admin/ImgAddPost.php file. The vulnerability arises from improper sanitization of user-supplied input parameters imgDatd, imgText, and imgUrl, which are used in SQL queries without adequate validation or escaping. This flaw allows a remote attacker to inject malicious SQL code, potentially manipulating the backend database. The vulnerability can be exploited without user interaction and does not require authentication, increasing the attack surface. However, the CVSS vector indicates that a high privilege level is required (PR:H), which suggests that the attacker must have some form of elevated access to the system prior to exploitation. The impact on confidentiality, integrity, and availability is rated low, indicating limited potential for data leakage or system disruption. The vendor has not responded to early notifications, and no patches or mitigations have been released at the time of publication. Although no known exploits are currently in the wild, the public disclosure of the exploit code increases the risk of future attacks. The vulnerability's medium severity rating (CVSS 5.1) reflects a moderate threat level, primarily due to the requirement for high privileges and the limited impact scope. The lack of authentication requirement for launching the attack is contradicted by the CVSS vector, which specifies PR:H, suggesting some ambiguity in the exact exploitation conditions. Overall, this vulnerability represents a moderate risk to affected systems, particularly those with exposed administrative interfaces and insufficient access controls.

For European organizations using kiCode111 like-girl version 5.2.0, this vulnerability poses a moderate risk. Given that the flaw exists in an administrative component, successful exploitation could allow attackers with elevated privileges to manipulate database contents, potentially leading to data corruption or unauthorized data modification. Although the impact on confidentiality and availability is low, integrity compromise could disrupt business operations, especially for organizations relying on this application for content management or user-generated content. The lack of vendor response and absence of patches increases exposure time, potentially inviting targeted attacks. Organizations with publicly accessible administrative interfaces are at higher risk. The medium severity rating suggests that while the threat is not critical, it should not be ignored, particularly in sectors where data integrity is paramount, such as finance, healthcare, and government services. The vulnerability could also be leveraged as part of a multi-stage attack chain, escalating privileges or pivoting to other systems within the network. European entities with limited internal security controls or those operating in regulated industries may face compliance risks if the vulnerability is exploited.

Restrict access to the /admin/ImgAddPost.php endpoint by implementing network-level controls such as IP whitelisting or VPN-only access to administrative interfaces. Implement strict input validation and parameterized queries or prepared statements in the application code to prevent SQL injection, even if vendor patches are unavailable. Deploy Web Application Firewalls (WAFs) configured to detect and block SQL injection patterns targeting the affected parameters (imgDatd, imgText, imgUrl). Conduct regular security audits and penetration testing focusing on administrative modules to identify and remediate similar injection flaws. Monitor application logs for unusual database query patterns or failed injection attempts to detect exploitation attempts early. If possible, isolate the affected application in a segmented network zone to limit lateral movement in case of compromise. Engage with the vendor or community to encourage patch development or consider migrating to alternative software with active security support.