CVE-2025-7015
Session Fixation Vulnerability in Akın QR Menu Before s
Publication date: 2026-01-29
Last updated on: 2026-03-09
Assigner: Computer Emergency Response Team of the Republic of Turkey
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| akinsoft | qr_menu | to s1.05.12 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-384 | Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions. |
AI Powered Q&A
Can you explain this vulnerability to me?
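This vulnerability is a session fixation issue (CWE-384) in Akın Software's QR Menu application, affecting versions before s1.05.12. In a session fixation attack, the attacker sets (fixates) the session ID that a user will use. Because the existing session identifier is not invalidated when the user authenticates, the ID the attacker already knows becomes a valid authenticated session, which can give the attacker unauthorized access.
How can this vulnerability impact me?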
The vulnerability can allow an attacker to hijack a user's session by forcing the user to use a session ID known to the attacker. This can lead to unauthorized access to the user's session and potentially sensitive information, compromising confidentiality.