CVE-2025-7013

Authorization Bypass Through User-Controlled Key vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Exploitation of Trusted Identifiers.This issue affects Menu Panel: through 29012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3 5.7 MEDIUM

5.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.usom.gov.tr/bildirim/tr-26-0007	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:qrmenumpro:menu_panel:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-01-29 14:16

Updated : 2026-03-09 13:50

NVD link : CVE-2025-7013

Mitre link : CVE-2025-7013

CVE.ORG link : CVE-2025-7013

JSON object : View

Products Affected

qrmenumpro

menu_panel

CWE

CWE-639

Authorization Bypass Through User-Controlled Key

{"id": "CVE-2025-7013", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "iletisim@usom.gov.tr", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2026-01-29T14:16:12.683", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-26-0007", "tags": ["Third Party Advisory"], "source": "iletisim@usom.gov.tr"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "iletisim@usom.gov.tr", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Exploitation of Trusted Identifiers.This issue affects Menu Panel: through 29012026.\u00a0\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Vulnerabilidad de elusi\u00f3n de autorizaci\u00f3n mediante clave controlada por el usuario en el Panel de Men\u00fa de los Sistemas de Men\u00fa Inteligentes QR Menu Pro permite la explotaci\u00f3n de identificadores de confianza. Este problema afecta al Panel de Men\u00fa: hasta el 29012026.\n\nNOTA: Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "lastModified": "2026-03-09T13:50:55.310", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qrmenumpro:menu_panel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7097939F-C013-424F-A7EF-AE5EE7C867F1", "versionEndIncluding": "29012026"}], "operator": "OR"}]}], "sourceIdentifier": "iletisim@usom.gov.tr"}