{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-7013", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2025-07-02T11:24:28.251Z", "datePublished": "2026-01-29T13:40:57.222Z", "dateUpdated": "2026-03-25T14:32:02.176Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-03-25T14:32:02.176Z"}, "title": "IDOR in QRMenumPro's Menu Panel", "datePublic": "2026-01-29T13:38:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-21", "descriptions": [{"lang": "en", "value": "CAPEC-21 Exploitation of Trusted Identifiers"}]}], "affected": [{"vendor": "QR Menu Pro Smart Menu Systems", "product": "Menu Panel", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "29012026", "versionType": "custom"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Exploitation of Trusted Identifiers.This issue affects Menu Panel: through 29012026.\u00a0\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Authorization Bypass Through User-Controlled Key vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Exploitation of Trusted Identifiers.<p>This issue affects Menu Panel: through 29012026.&nbsp;\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n</p>"}]}], "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-26-0007"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.7, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}}], "credits": [{"lang": "en", "value": "\u015eahnur Eren ALO\u011eLU", "type": "finder"}], "source": {"defect": ["TR-26-0007"], "advisory": "TR-26-0007", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-29T15:56:15.504084Z", "id": "CVE-2025-7013", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-29T16:43:54.604Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-7013", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-29T15:56:15.504084Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-29T15:56:18.126Z"}}], "cna": {"title": "IDOR in QRMenumPro's Menu Panel", "source": {"defect": ["TR-26-0007"], "advisory": "TR-26-0007", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "\u015eahnur Eren ALO\u011eLU"}], "impacts": [{"capecId": "CAPEC-21", "descriptions": [{"lang": "en", "value": "CAPEC-21 Exploitation of Trusted Identifiers"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "QR Menu Pro Smart Menu Systems", "product": "Menu Panel", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "29012026"}], "defaultStatus": "unknown"}], "datePublic": "2026-01-29T13:38:00.000Z", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-26-0007"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Exploitation of Trusted Identifiers.This issue affects Menu Panel: through 29012026.\u00a0\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.", "supportingMedia": [{"type": "text/html", "value": "Authorization Bypass Through User-Controlled Key vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Exploitation of Trusted Identifiers.<p>This issue affects Menu Panel: through 29012026.&nbsp;\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-03-25T14:32:02.176Z"}}}, "cveMetadata": {"cveId": "CVE-2025-7013", "state": "PUBLISHED", "dateUpdated": "2026-03-25T14:32:02.176Z", "dateReserved": "2025-07-02T11:24:28.251Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2026-01-29T13:40:57.222Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qrmenumpro:menu_panel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7097939F-C013-424F-A7EF-AE5EE7C867F1", "versionEndIncluding": "29012026", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Exploitation of Trusted Identifiers.This issue affects Menu Panel: through 29012026.\u00a0\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Vulnerabilidad de elusi\u00f3n de autorizaci\u00f3n mediante clave controlada por el usuario en el Panel de Men\u00fa de los Sistemas de Men\u00fa Inteligentes QR Menu Pro permite la explotaci\u00f3n de identificadores de confianza. Este problema afecta al Panel de Men\u00fa: hasta el 29012026.\n\nNOTA: Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2025-7013", "lastModified": "2026-03-09T13:50:55.310", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "iletisim@usom.gov.tr", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-01-29T14:16:12.683", "references": [{"source": "iletisim@usom.gov.tr", "tags": ["Third Party Advisory"], "url": "https://www.usom.gov.tr/bildirim/tr-26-0007"}], "sourceIdentifier": "iletisim@usom.gov.tr", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "iletisim@usom.gov.tr", "type": "Primary"}]}

{}

{"created": "2026-01-30T08:42:58.773983+00:00", "updated": "2026-01-30T08:42:58.774074+00:00", "vendors": ["qr_menu_pro_smart_menu_systems", "qr_menu_pro_smart_menu_systems$PRODUCT$menu_panel"]}