PatchSiren cyber security CVE debrief
CVE-2025-7014 QR Menu Pro Smart Menu Systems CVE debrief
A Session Fixation vulnerability was discovered in QR Menu Pro Smart Menu Systems Menu Panel, which could allow for Session Hijacking. The issue affects Menu Panel through version 29012026.
- Vendor: QR Menu Pro Smart Menu Systems
- Product: Menu Panel
- CVSS: MEDIUM 5.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-01-29
- Original CVE updated: 2026-06-05
- Advisory published: 2026-01-29
- Advisory updated: 2026-06-05
Who should care
Users of QR Menu Pro Smart Menu Systems Menu Panel through version 29012026 should be aware of this vulnerability and take necessary precautions.
Technical summary
The vulnerability is a Session Fixation issue (CWE-384) in QR Menu Pro Smart Menu Systems Menu Panel. This could allow an attacker to hijack a user's session.
Defensive priority
MEDIUM
Recommended defensive actions
- Users should update Menu Panel to a version later than 29012026, if one is available.
- In the meantime, users can consider additional security measures such as session timeouts and secure cookie flags.
- Refer to the Third Party Advisory, [ref-5](https://www.usom.gov.tr/bildirim/tr-26-0007).
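As an added example (not code from the advisory or the vendor), the following Python check compares Set-Cookie headers captured before and after login to confirm that the session ID is rotated at authentication and that the cookie carries the flags mentioned above. The cookie name SID, the sample headers and the 8-hour lifetime ceiling are assumptions.

```python
"""Audit captured Set-Cookie headers for session-fixation exposure (CWE-384)."""

MAX_AGE_LIMIT = 8 * 3600  # assumed policy ceiling for cookie lifetime, in seconds


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, lower-cased attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def find_cookie(headers, cookie_name):
    """Return (value, attrs) of the last Set-Cookie for cookie_name, or None."""
    found = None
    for header in headers:
        name, value, attrs = parse_set_cookie(header)
        if name == cookie_name:
            found = (value, attrs)
    return found


def audit_login(pre_login, post_login, cookie_name):
    """Compare cookies set before and after authentication; return findings."""
    findings = []
    before = find_cookie(pre_login, cookie_name)
    after = find_cookie(post_login, cookie_name)
    # A pre-login ID that survives authentication is what fixation relies on.
    if before and (after is None or after[0] == before[0]):
        findings.append("session ID not rotated at login (fixation risk)")
    _, attrs = after or before or ("", {})
    for flag in ("secure", "httponly", "samesite"):
        if flag not in attrs:
            findings.append("cookie missing " + flag)
    max_age = attrs.get("max-age", "")
    if max_age.isdigit() and int(max_age) > MAX_AGE_LIMIT:
        findings.append("cookie lifetime exceeds policy")
    return findings


# Constructed sample captures; the cookie name "SID" is hypothetical.
WEAK_PRE = ["SID=a1b2c3; Path=/"]
WEAK_POST = []  # login response issues no new session cookie
FIXED_PRE = ["SID=a1b2c3; Path=/; Secure; HttpOnly; SameSite=Lax"]
FIXED_POST = ["SID=z9y8x7; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=1800"]
```

An empty result for a capture pair means the ID changed at login and the cookie attributes passed; server-side idle and absolute timeouts still have to be verified on the application itself.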
Evidence notes
The CVE-2025-7014 details were obtained from the official CVE and NVD sources.
Official resources
- CVE-2025-7014 CVE record (CVE.org)
- CVE-2025-7014 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
- Mitigation or vendor reference ([email protected] - Third Party Advisory)
CVE-2025-7014 was published on 2026-01-29 and last modified on 2026-06-05.