CVE-2025-6352
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-06-20

Last updated on: 2025-10-23

Assigner: VulDB

Description
A vulnerability classified as problematic has been found in code-projects Automated Voting System 1.0. Affected is an unknown function of the file /vote.php of the component Backend. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-20
Last Modified
2025-10-23
Generated
2026-05-07
AI Q&A
2025-06-20
EPSS Evaluated
2026-05-05
NVD
CVE-2025-6352
EUVD
EUVD-2025-28726
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
fabian automated_voting_system 1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-425 The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-6352 is a vulnerability in the code-projects Automated Voting System version 1.0, specifically in the backend file /vote.php. The vulnerability allows attackers to bypass the login authentication by directly accessing vote.php, which includes the sess.php file. This unauthorized direct access enables attackers to manipulate data and potentially cause data leakage by accessing restricted backend functions without proper authorization. [1, 2]


How can this vulnerability impact me? :

This vulnerability can impact you by allowing remote attackers to bypass authentication and directly access backend functions of the voting system without any credentials. This can lead to unauthorized data manipulation and potential data leakage, compromising the confidentiality and integrity of the system. Since the exploit is publicly available and can be triggered remotely without authentication, it poses a moderate security risk. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by searching for the presence of the vulnerable file 'vote.php' accessible without authentication. One method is to use Google Hacking techniques such as searching for 'inurl:vote.php' to identify exposed instances. On your system or network, you can check for the existence and accessibility of the 'vote.php' file in the backend. For example, using curl or wget commands to test direct access to the 'vote.php' endpoint without authentication can help detect the vulnerability. Example command: curl -I http://target-system/vote.php - to check if the file is accessible without login. [2]


What immediate steps should I take to mitigate this vulnerability?

No known countermeasures or mitigations have been documented for this vulnerability. The suggested immediate step is to replace the affected component (code-projects Automated Voting System version 1.0) with an alternative product that does not contain this vulnerability. Additionally, restricting access to the 'vote.php' file by implementing proper authentication and access controls may help mitigate unauthorized access until a replacement is made. [2, 1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart