What if someone scans your passport into their ZKPassport App?

This is more of a question than a request. I am building a (experimental) voting platform and currently thinking through attack vectors. In this case, what if an individual is able to access your passport temporarily; long enough to scan it into their ZKPassport App, after which point they lose access to the physical passport. Would the passport owner have any recourse to invalidate the attacker’s scan (presumably by re-scanning it themselves?)? If not … do scanned passports expire in the app (requiring re-scanning) so that the attacker’s version becomes invalid after a certain period (hopefully less than expiration date of the passport)? If not, is there anything that can be done at the application level, such as detecting that proof A uses a passport more recently scanned than proof B?

Thanks for the consideration!