CVE-2025-7152: Unrestricted Upload in Campcodes Advanced Online Voting System

Medium
Type: Vulnerability | CVE-2025-7152
Published: Mon Jul 07 2025 (07/07/2025, 23:32:05 UTC)
Source: CVE Database V5
Vendor/Project: Campcodes
Product: Advanced Online Voting System

Description

A vulnerability classified as critical has been found in Campcodes Advanced Online Voting System 1.0. Affected is an unknown function of the file /admin/candidates_add.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

AI-Powered Analysis

Last updated: 07/07/2025, 23:54:31 UTC

Technical Analysis

CVE-2025-7152 is a vulnerability identified in Campcodes Advanced Online Voting System version 1.0, specifically within the /admin/candidates_add.php file. The flaw arises from improper validation of the 'photo' argument, which allows an attacker to perform an unrestricted file upload: arbitrary files, potentially including malicious scripts or executables, can be written to the server hosting the voting system. The vulnerability is remotely exploitable without requiring user interaction or authentication, which increases its risk profile. Although the CVSS 4.0 base score is 5.3 (medium severity), unrestricted upload can lead to severe consequences such as remote code execution, server compromise, data manipulation, or denial of service if exploited effectively. The exploit details have been publicly disclosed, increasing the likelihood of exploitation attempts. The vulnerability affects only version 1.0 of the product, and no official patches or mitigations have been linked or published at this time. A voting system is a critical component of election infrastructure, which makes the presence of such a vulnerability particularly concerning.

Potential Impact

For European organizations, especially governmental bodies and election commissions using Campcodes Advanced Online Voting System 1.0, this vulnerability poses a significant threat to the integrity and availability of election processes. Exploitation could allow attackers to upload malicious code, leading to unauthorized access, manipulation of candidate data, or disruption of voting operations. This undermines public trust in electoral outcomes and could have serious political and social ramifications. Additionally, if attackers gain control over the system, they could exfiltrate sensitive voter information, violating data protection regulations such as GDPR. The medium CVSS score may underestimate the real-world impact given the critical nature of election systems. The lack of authentication requirement and remote exploitability further increase the risk for European organizations relying on this software.

Mitigation Recommendations

1. Immediately isolate any systems running Campcodes Advanced Online Voting System 1.0 until a patch or update is available.
2. Implement strict network segmentation and firewall rules to restrict access to the /admin/ directory, limiting exposure to trusted IP addresses only.
3. Deploy Web Application Firewalls (WAF) with custom rules to detect and block suspicious file upload attempts targeting the 'photo' parameter.
4. Conduct a thorough code review and implement server-side validation to restrict file types and sizes, enforcing whitelist policies for uploads.
5. Monitor logs for unusual upload activity or unexpected file creation in the upload directories.
6. Prepare incident response plans specifically for election infrastructure to respond quickly to potential exploitation.
7. Engage with the vendor for timely patches, or consider migrating to alternative voting systems with stronger security postures.
8. Regularly update and patch all related infrastructure components to reduce the attack surface.
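Recommendation 4 asks for server-side validation of the upload. The following is an added example of a hardened handler for a 'photo' upload field, written for this advisory and not taken from the Campcodes code base; the function name, the size limit, the allowed-type list and the upload directory are assumptions.

```php
<?php
// Added example: hardened handling of an image upload such as the 'photo'
// parameter. Not the Campcodes code; names, limits and paths are assumptions.

/**
 * Validate an uploaded image and store it under a server-chosen random name.
 * Returns the stored filename, or throws on any validation failure.
 */
function store_candidate_photo(array $file, string $uploadDir): string
{
    // Only accept a completed upload that PHP itself received via HTTP POST.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('No valid upload received');
    }

    // Enforce a size limit (assumed: 2 MiB).
    if ($file['size'] > 2 * 1024 * 1024) {
        throw new RuntimeException('Photo exceeds size limit');
    }

    // Whitelist by server-detected MIME type, never by the client-supplied
    // filename or $file['type'], both of which the client controls.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png'];
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mime  = finfo_file($finfo, $file['tmp_name']);
    finfo_close($finfo);
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('Unsupported image type');
    }

    // Require the content to actually decode as an image of that type.
    $info = getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== $mime) {
        throw new RuntimeException('File is not a well-formed image');
    }

    // Discard the original name entirely; the server picks the extension,
    // so a name like "shell.php" can never reach the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store photo');
    }
    chmod($dest, 0644); // no execute bit; the directory itself should have PHP execution disabled
    return $name;
}

// Usage in the form handler (assumed field name 'photo' and upload path):
// $stored = store_candidate_photo($_FILES['photo'], __DIR__ . '/../uploads/photos');
```

Store the upload directory outside the web root, or configure the web server to refuse script execution there, so that validation is not the only control standing between an upload and code execution.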

Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-07-07T05:54:50.107Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 686c5aac6f40f0eb72edf72d

Added to database: 7/7/2025, 11:39:24 PM

Last enriched: 7/7/2025, 11:54:31 PM

Last updated: 8/13/2025, 4:56:36 AM
