CVE-2025-7014

Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session Hijacking.This issue affects Menu Panel: through 29012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3 5.7 MEDIUM

5.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.usom.gov.tr/bildirim/tr-26-0007	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:qrmenumpro:menu_panel:29012026:*:*:*:*:*:*:*

History

09 Mar 2026, 13:40

Type	Values Removed	Values Added
First Time		Qrmenumpro menu Panel Qrmenumpro
References	~~() https://www.usom.gov.tr/bildirim/tr-26-0007 -~~	() https://www.usom.gov.tr/bildirim/tr-26-0007 - Third Party Advisory
Summary		(es) Vulnerabilidad de fijación de sesión en el Panel de Menú de QR Menu Pro Smart Menu Systems permite el secuestro de sesión. Este problema afecta al Panel de Menú: hasta el 29012026. NOTA: El proveedor fue contactado con antelación sobre esta divulgación pero no respondió de ninguna manera.
CPE		cpe:2.3:a:qrmenumpro:menu_panel:29012026:::::::*

29 Jan 2026, 14:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-29 14:16

Updated : 2026-03-09 13:40

NVD link : CVE-2025-7014

Mitre link : CVE-2025-7014

CVE.ORG link : CVE-2025-7014

JSON object : View

Products Affected

qrmenumpro

menu_panel

CWE

CWE-384

Session Fixation

{"id": "CVE-2025-7014", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "iletisim@usom.gov.tr", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2026-01-29T14:16:12.840", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-26-0007", "tags": ["Third Party Advisory"], "source": "iletisim@usom.gov.tr"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "iletisim@usom.gov.tr", "description": [{"lang": "en", "value": "CWE-384"}]}], "descriptions": [{"lang": "en", "value": "Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session Hijacking.This issue affects Menu Panel: through 29012026.\u00a0\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en el Panel de Men\u00fa de QR Menu Pro Smart Menu Systems permite el secuestro de sesi\u00f3n. Este problema afecta al Panel de Men\u00fa: hasta el 29012026.\n\nNOTA: El proveedor fue contactado con antelaci\u00f3n sobre esta divulgaci\u00f3n pero no respondi\u00f3 de ninguna manera."}], "lastModified": "2026-03-09T13:40:58.437", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qrmenumpro:menu_panel:29012026:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE81F440-8F22-474E-B739-8FF4477B3D59"}], "operator": "OR"}]}], "sourceIdentifier": "iletisim@usom.gov.tr"}