CVE-2025-68588: Missing Authorization in totalsoft TS Poll
Missing Authorization vulnerability in totalsoft TS Poll poll-wp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TS Poll: from n/a through <= 2.5.3.
AI Analysis
Technical Summary
CVE-2025-68588 identifies a missing authorization vulnerability in totalsoft's TS Poll application, affecting versions up to and including 2.5.3. The flaw stems from incorrectly configured access control security levels that fail to properly restrict user permissions, so an authenticated attacker with low privileges (PR:L) can exploit it remotely over the network (AV:N) without any user interaction (UI:N). The vulnerability affects the confidentiality and integrity of the system (C:H/I:H) but not its availability (A:N). TS Poll is a polling and survey management tool used by organizations to collect and analyze data; because the authorization check is missing, users who should not have access can read or modify sensitive poll data or configurations, potentially leading to data breaches, misinformation, or unauthorized changes to polling results. The vulnerability was reserved on December 19, 2025, and published on December 24, 2025. No patches or known exploits are currently available, but the high CVSS score (8.1) reflects the serious risk posed by this flaw, compounded by the low privilege requirement and remote exploitability. Organizations using TS Poll should urgently review their access control policies and monitor for suspicious activity until a patch is released.
Potential Impact
For European organizations, this vulnerability poses a significant risk to the confidentiality and integrity of polling data, which may be critical for decision-making, customer feedback, or internal assessments. Unauthorized access could lead to data leakage, manipulation of poll results, or exposure of sensitive information, undermining trust and potentially causing reputational damage. Since TS Poll is used in various sectors including public administration, market research, and corporate environments, the impact could extend to political polling, regulatory compliance surveys, and business intelligence. The lack of availability impact means systems remain operational, but compromised data integrity could have cascading effects on business processes and decision accuracy. The remote exploitability and low privilege requirement make it easier for attackers to leverage this vulnerability, increasing the likelihood of targeted attacks or opportunistic exploitation. European organizations with strict data protection regulations like GDPR face additional legal and compliance risks if sensitive personal data is exposed due to this vulnerability.
Mitigation Recommendations
1. Immediately conduct a thorough audit of TS Poll access control configurations to identify and correct any misconfigurations or overly permissive settings.
2. Implement network segmentation to restrict TS Poll access only to trusted internal users and systems, minimizing exposure to external threats.
3. Enforce the principle of least privilege for all TS Poll user accounts, ensuring users have only the minimum necessary permissions.
4. Monitor logs and network traffic for unusual access patterns or unauthorized attempts to access TS Poll resources.
5. Engage with totalsoft support or vendor channels to obtain patches or updates as soon as they become available and apply them promptly.
6. Consider deploying web application firewalls (WAFs) with custom rules to detect and block suspicious requests targeting TS Poll endpoints.
7. Educate administrators and users about the risks of unauthorized access and encourage reporting of anomalies.
8. If possible, temporarily disable or restrict TS Poll functionality until a patch is applied to reduce the attack surface.
Affected Countries
Romania, Bulgaria, Hungary, Poland, Czech Republic, Slovakia
Technical Details
- Data Version: 5.2
- Assigner Short Name: Patchstack
- Date Reserved: 2025-12-19T10:17:41.811Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 694bea23279c98bf57f752be
Added to database: 12/24/2025, 1:26:59 PM
Last enriched: 1/21/2026, 1:37:45 AM
Last updated: 2/7/2026, 4:00:02 PM