Authorization Bypass Vulnerability in QRMenu by AKIN Software
CVE-2025-9902

7.5HIGH

Key Information:

Vendor: Akin Software Computer Import Export Industry And Trade Co. Ltd.
Status: Qrmenu
Vendor: CVE Published:; 13 October 2025

🔔 Create Akin Software Computer Import Export Industry And Trade Co. Ltd. Vulnerability Alert

What is CVE-2025-9902?

The authorization bypass vulnerability in QRMenu by AKIN Software allows unauthorized users to exploit the software, potentially leading to privilege abuse. This issue arises from inadequate validation of user-controlled keys, paving the way for elevated access in systems running QRMenu versions up to 1.05.12 prior to the specified update on 05.09.2025. Users are strongly advised to apply the necessary updates to mitigate risks associated with this vulnerability.

Affected Version(s)

QRMenu 1.05.12

References

https://www.usom.gov.tr/bildirim/tr-25-0333

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 13, 2025
Vulnerability Reserved
Sep 3, 2025

Credit

Berat ARSLAN

JSON