
CVE-2025-7931: Unrestricted Upload in code-projects Church Donation System

Medium
Tags: Vulnerability, CVE-2025-7931, cve, cve-2025-7931
Published: Mon Jul 21 2025 (07/21/2025, 16:32:05 UTC)
Source: CVE Database V5
Vendor/Project: code-projects
Product: Church Donation System

Description

A vulnerability was found in code-projects Church Donation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /members/admin_pic.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

AI-Powered Analysis

Last updated: 07/21/2025, 17:01:29 UTC

Technical Analysis

CVE-2025-7931 is a vulnerability identified in version 1.0 of the code-projects Church Donation System, specifically within the /members/admin_pic.php file. The vulnerability arises from improper handling of the 'image' argument, which allows an attacker to perform an unrestricted file upload. This means that an attacker can upload arbitrary files, including potentially malicious scripts or executables, without proper validation or restrictions. The vulnerability is exploitable remotely without requiring authentication or user interaction, increasing the risk of exploitation. The CVSS 4.0 base score is 6.9, categorized as medium severity, reflecting the ease of exploitation (network attack vector, no privileges or user interaction needed) but limited impact scope (low confidentiality, integrity, and availability impact). However, unrestricted upload vulnerabilities often serve as a gateway for further attacks such as remote code execution, web shell deployment, or pivoting within the network. Since the vulnerability affects a donation management system used by churches, it may expose sensitive donor information or disrupt donation processing. Although no public exploits are currently known in the wild, the public disclosure of the vulnerability increases the risk of exploitation by opportunistic attackers. The lack of available patches or vendor mitigation guidance further elevates the urgency for affected organizations to implement compensating controls.

Potential Impact

For European organizations, particularly religious institutions or charities using the Church Donation System 1.0, this vulnerability poses a significant risk. Exploitation could lead to unauthorized access to internal systems, data breaches involving donor personal and financial information, and potential disruption of donation processing services. Given the sensitive nature of donation data, breaches could result in reputational damage, loss of donor trust, and regulatory penalties under GDPR for inadequate data protection. Additionally, attackers could leverage the unrestricted upload to deploy web shells or malware, enabling persistent access or lateral movement within organizational networks. This could further compromise other critical systems or lead to ransomware attacks. The medium CVSS score may underestimate the real-world impact if chained with other vulnerabilities or misconfigurations. Therefore, European organizations using this system should consider the threat seriously, especially those with high volumes of donor data or critical operational dependencies on the affected software.

Mitigation Recommendations

Since no official patches or vendor advisories are currently available, affected organizations should take immediate compensating measures. These include:

1) Restricting access to the /members/admin_pic.php endpoint via network segmentation or firewall rules to trusted IPs only;
2) Implementing web application firewalls (WAFs) with rules to detect and block suspicious file upload patterns or file types;
3) Conducting manual code reviews or temporary code modifications to validate and restrict file uploads to safe image formats and enforce size limits;
4) Monitoring server logs and file system changes for unauthorized uploads or suspicious activity;
5) Isolating the affected system from critical internal networks to limit lateral movement;
6) Educating administrators about the vulnerability and signs of compromise;
7) Planning for timely patching or upgrading once vendor fixes become available;
8) Considering alternative donation management solutions if remediation is not feasible in the short term.

These measures should be part of a layered defense strategy to reduce exploitation risk until a permanent fix is deployed.
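The following is an added example of what the temporary code modification in item 3 can look like for an upload field named "image": it is not code from the Church Donation System project, and the upload directory, size limit and session handling are assumptions. Type is decided from file content, the stored name is chosen by the server, and the file is never made executable.

```php
<?php
// Added illustration, not the project's own admin_pic.php. UPLOAD_DIR and
// MAX_BYTES are assumed values; UPLOAD_DIR must be served without a PHP handler.
declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/uploads/profile';   // assumed location
const MAX_BYTES  = 2 * 1024 * 1024;                 // assumed 2 MiB limit
const ALLOWED    = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

/**
 * Validate one entry of $_FILES and store it under a server-chosen name.
 * Returns the stored file name, or throws on any failed check.
 */
function storeProfileImage(array $file): string
{
    // 1. Only accept a real, completed upload (defeats forged tmp_name values).
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('No valid upload');
    }
    // 2. Enforce the size limit server-side; the browser's MAX_FILE_SIZE is advisory.
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // 3. Determine the type from content, never from the user-supplied file name
    //    or the browser-supplied $file['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime]) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Not an allowed image');
    }
    // 4. Server-chosen name with the extension derived from the detected type,
    //    so the original name (double extensions, path separators) is ignored.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0644); // readable by the web server, never executable
    return $name;
}

// Usage; assumes the caller has already verified an authenticated admin session.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['image'])) {
    try {
        $stored = storeProfileImage($_FILES['image']);
        // persist $stored in the member record here
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected';
    }
}
```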


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-07-21T06:29:48.611Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 687e6ecfa83201eaac11ade9

Added to database: 7/21/2025, 4:46:07 PM

Last enriched: 7/21/2025, 5:01:29 PM

Last updated: 8/22/2025, 1:39:38 AM
