CVE-2025-7555: SQL Injection in code-projects Voting System
A vulnerability, which was classified as critical, has been found in code-projects Voting System 1.0. This issue affects some unknown processing of the file /admin/voters_add.php. The manipulation of the argument firstname/lastname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
AI Analysis
Technical Summary
CVE-2025-7555 is a SQL injection vulnerability in version 1.0 of the code-projects Voting System, located in the /admin/voters_add.php file. The flaw arises from improper sanitization or validation of user-supplied input in the firstname and lastname parameters, which are used in SQL queries. An attacker can exploit it remotely by manipulating these parameters to inject SQL, potentially gaining unauthorized read or write access to the underlying database. The analysis states that no user interaction or authentication is required, which increases the risk profile; note, however, that the PR:L component of the CVSS vector means low privileges are required, and the endpoint sits under /admin/, so whether an unauthenticated attacker can reach it depends on the deployment's access controls. Although the CVSS 4.0 base score is 5.3 (medium severity), the classification as critical in the description suggests that the impact could be significant depending on the deployment context. The CVSS vector indicates a network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), and low impact on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). No patches or known exploitation in the wild have been reported yet, but public disclosure of the exploit code increases the likelihood of exploitation attempts. The vulnerability affects only version 1.0 of the Voting System, which is typically used in election or polling environments, making the integrity and confidentiality of voting data a central concern. Remote exploitability combined with the low privilege requirement makes this vulnerability a significant threat to systems that rely on this software for election management or voting processes.
Potential Impact
For European organizations, especially those involved in electoral processes, public opinion polling, or any form of voting management using the affected code-projects Voting System 1.0, this vulnerability poses a serious risk. Exploitation could lead to unauthorized data manipulation, such as altering voter records or election results, undermining the integrity and trustworthiness of democratic processes. Confidential voter information could also be exposed, violating data protection regulations like GDPR. Even organizations using this system for internal decision-making or surveys could face data integrity issues, reputational damage, and potential legal consequences. Given the critical nature of voting systems in Europe and the strict regulatory environment, exploitation could have far-reaching consequences beyond technical damage, including political and social instability. The medium CVSS score might underestimate the real-world impact in sensitive environments where data integrity is paramount.
Mitigation Recommendations
Organizations should immediately audit their use of the code-projects Voting System 1.0 and identify any instances of the vulnerable software. Since no official patches are currently available, mitigation should focus on implementing input validation and parameterized queries or prepared statements to prevent SQL injection. Restrict access to the /admin/voters_add.php endpoint using network-level controls such as IP whitelisting or VPN access to limit exposure. Employ Web Application Firewalls (WAFs) with rules to detect and block SQL injection attempts targeting the firstname and lastname parameters. Conduct thorough code reviews and penetration testing to identify and remediate similar injection points. Additionally, monitor logs for suspicious activity related to the vulnerable endpoint and prepare incident response plans in case of exploitation. Organizations should also consider migrating to updated or alternative voting systems with secure coding practices and active maintenance.
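The recommendation above, parameterized queries plus input validation, as an added example in PHP (the language of the affected file). This is not code from code-projects Voting System; the table name `voters`, the column names `firstname`/`lastname`, the `buildInsertUnsafe`/`validateName`/`addVoter` functions and the request values are all assumptions constructed to illustrate the defect class and its fix. The demo runs against an in-memory SQLite database via PDO so it works offline; the prepared-statement pattern is the same for a MySQL DSN.

```php
<?php
// Added example (not the project's code): string-built SQL versus a
// validated, parameterized INSERT for an admin "add voter" handler.
// Table and column names are assumptions.
declare(strict_types=1);

// Constructed request values standing in for $_POST['firstname'] / $_POST['lastname'].
$hostileInput = ['firstname' => "Ann', 'x'); -- ", 'lastname' => 'Lee'];
$benignInput  = ['firstname' => "Anne-Marie O'Neil", 'lastname' => 'Lee'];

// --- Vulnerable pattern (for contrast only): input concatenated into SQL ---
// A quote in either field changes the statement's structure.
function buildInsertUnsafe(array $in): string
{
    return "INSERT INTO voters (firstname, lastname) VALUES ('"
        . $in['firstname'] . "', '" . $in['lastname'] . "')";
}

// --- Hardened pattern: allow-list validation, then a prepared statement ---
function validateName(string $value, string $field): string
{
    $value = trim($value);
    // Letters (any script), combining marks, spaces, hyphens and apostrophes;
    // 1..60 characters. Legitimate names such as O'Neil still pass.
    if ($value === '' || mb_strlen($value) > 60
        || !preg_match("/^[\p{L}\p{M} '-]+$/u", $value)) {
        throw new InvalidArgumentException("Invalid value for $field");
    }
    return $value;
}

function addVoter(PDO $db, array $in): int
{
    $first = validateName($in['firstname'] ?? '', 'firstname');
    $last  = validateName($in['lastname'] ?? '', 'lastname');

    // Named placeholders keep data separate from SQL grammar: even an
    // apostrophe that survives validation is bound as data, not parsed as SQL.
    $stmt = $db->prepare(
        'INSERT INTO voters (firstname, lastname) VALUES (:first, :last)'
    );
    $stmt->execute([':first' => $first, ':last' => $last]);
    return (int) $db->lastInsertId();
}

// Demo backend: in-memory SQLite standing in for the application's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // use server-side prepares
$db->exec('CREATE TABLE voters (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT)');

echo "Unsafe query text built from hostile input:\n  "
    . buildInsertUnsafe($hostileInput) . "\n";

try {
    addVoter($db, $hostileInput);
} catch (InvalidArgumentException $e) {
    echo "Hardened handler rejected it: " . $e->getMessage() . "\n";
}

$id = addVoter($db, $benignInput);
echo "Hardened handler inserted voter id $id (apostrophe bound safely)\n";
```

Validation and parameterization play different roles here: the allow-list rejects obviously malformed names and shrinks the attack surface, but the prepared statement is the control that actually prevents injection, since a legitimate name like O'Neil must be accepted and is bound as data rather than spliced into the query text.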
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Poland, Netherlands, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-07-12T18:50:17.722Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6874534ba83201eaacc03a45
Added to database: 7/14/2025, 12:46:03 AM
Last enriched: 7/14/2025, 1:01:18 AM
Last updated: 7/16/2025, 2:14:15 AM