How to fix CVE-2025-14192?

Within 24 hours: Take inventory of all systems running RashminDungrani online-banking and isolate them from production if possible; enable comprehensive audit logging on the authentication module. Within 7 days: Deploy Web Application Firewall (WAF) rules to block SQL injection patterns in the Username parameter; implement input validation and parameterized query enforcement at the application layer; conduct forensic analysis of authentication logs for signs of exploitation. Within 30 days: Evaluate alternative banking platforms or fork/patch the application internally; establish communication with vendor for remediation timeline; complete risk assessment and document all compensating controls; consider notifying affected customers if any compromise is detected.

Is PHP affected by CVE-2025-14192?

A critical SQL injection vulnerability (CVE-2025-14192) has been publicly disclosed in the RashminDungrani online-banking application, allowing remote attackers to manipulate the login authentication mechanism and potentially access sensitive customer financial data.

CVE-2025-14192

EUVD-2025-201603 HIGH

2025-12-07 [email protected]

7.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 17:50 euvd

EUVD-2025-201603

Analysis Generated

Mar 15, 2026 - 17:50 vuln.today

CVE Published

Dec 07, 2025 - 14:15 nvd

HIGH 7.3

Description

A vulnerability was found in RashminDungrani online-banking up to 2337ad552ea9d385b4e07b90e6f32d011b7c68a2. This affects an unknown part of the file /site/dist/auth_login.php. Performing manipulation of the argument Username results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis

Technical Context

SQL injection occurs when user-supplied input is incorporated into SQL queries without proper sanitization or parameterized queries.

Affected Products

Affected: RashminDungrani online-banking

Remediation

Use parameterized queries or prepared statements. Apply input validation and escape special characters. Implement least-privilege database accounts.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +36

POC: 0

CVE-2025-14192 vulnerability details – vuln.today

Back

CVE-2025-14192

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-14192

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code