Session Fixation

CVE-2025-7015

Medium

5.7/10

Summary

Session Fixation vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR Menu allows Session Fixation. This issue affects QR Menu: before s1.05.12.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-384 - Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

References

Advisory Timeline

Published Jan 29, 2026

Session Fixation

CVE-2025-7015

Summary

CWE-384 - Session Fixation

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS