CVE-2025-7014 - Vulnerability Details - OpenCVE

Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session Hijacking.This issue affects Menu Panel: through 29012026.

NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.usom.gov.tr/bildirim/tr-26-0007

History

Thu, 29 Jan 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 29 Jan 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session Hijacking.This issue affects Menu Panel: through 29012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Title		Session Hijacking in QRMenumPro's Menu Panel
Weaknesses		CWE-384
References		https://www.usom.gov.tr/bildirim/tr-26-0007
Metrics		cvssV3_1 `{'score': 5.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2026-01-29T13:47:31.235Z

Updated: 2026-01-29T16:43:45.589Z

Reserved: 2025-07-02T11:40:33.818Z

Link: CVE-2025-7014

Vulnrichment

Updated: 2026-01-29T15:56:08.756Z

NVD

Status : Awaiting Analysis

Published: 2026-01-29T14:16:12.840

Modified: 2026-01-29T16:31:00.867

Link: CVE-2025-7014

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-384

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-7014", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2025-07-02T11:40:33.818Z", "datePublished": "2026-01-29T13:47:31.235Z", "dateUpdated": "2026-01-29T16:43:45.589Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Menu Panel", "vendor": "QR Menu Pro Smart Menu Systems", "versions": [{"lessThanOrEqual": "29012026", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "\u015eahnur Eren ALO\u011eLU"}], "datePublic": "2026-01-29T13:46:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session Hijacking.<p>This issue affects Menu Panel: through 29012026. \n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n</p>"}], "value": "Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session Hijacking.This issue affects Menu Panel: through 29012026.\u00a0\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way."}], "impacts": [{"capecId": "CAPEC-593", "descriptions": [{"lang": "en", "value": "CAPEC-593 Session Hijacking"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-384", "description": "CWE-384 Session Fixation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-01-29T13:47:31.235Z"}, "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-26-0007"}], "source": {"advisory": "TR-26-0007", "defect": ["TR-26-0007"], "discovery": "UNKNOWN"}, "title": "Session Hijacking in QRMenumPro's Menu Panel", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-29T15:56:05.817554Z", "id": "CVE-2025-7014", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-29T16:43:45.589Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-7014", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-29T15:56:05.817554Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-29T15:56:08.756Z"}}], "cna": {"title": "Session Hijacking in QRMenumPro's Menu Panel", "source": {"defect": ["TR-26-0007"], "advisory": "TR-26-0007", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "\u015eahnur Eren ALO\u011eLU"}], "impacts": [{"capecId": "CAPEC-593", "descriptions": [{"lang": "en", "value": "CAPEC-593 Session Hijacking"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "QR Menu Pro Smart Menu Systems", "product": "Menu Panel", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "29012026"}], "defaultStatus": "affected"}], "datePublic": "2026-01-29T13:46:00.000Z", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-26-0007"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session Hijacking.This issue affects Menu Panel: through 29012026.\u00a0\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "supportingMedia": [{"type": "text/html", "value": "Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session Hijacking.<p>This issue affects Menu Panel: through 29012026. \n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-384", "description": "CWE-384 Session Fixation"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-01-29T13:47:31.235Z"}}}, "cveMetadata": {"cveId": "CVE-2025-7014", "state": "PUBLISHED", "dateUpdated": "2026-01-29T16:43:45.589Z", "dateReserved": "2025-07-02T11:40:33.818Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2026-01-29T13:47:31.235Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.2"}