What is the CVSS score of CVE-2025-13479?

CVE-2025-13479 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of PosCube Hardware Software are affected by CVE-2025-13479?

PosCube QR Menu (all versions through 21052026) exposes a critical unauthenticated data breach vulnerability that allows remote attackers to access other users' restaurant menu data through request…

How to fix or mitigate CVE-2025-13479?

24 hours: Identify all systems running PosCube QR Menu and classify data sensitivity. 7 days: Implement network access controls restricting PosCube to authorized users only; enable detailed access logging on all requests. 30 days: Develop migration plan to alternative menu management platforms given vendor unresponsiveness and unavailable patch; consider discontinuing PosCube unless mitigations reduce operational risk to acceptable levels.

PosCube Hardware Software CVE-2025-13479

EUVD-2025-209908 HIGH

Authorization Bypass Through User-Controlled Key (CWE-639)

2026-05-21 TR-CERT

GHSA-j79r-fqf4-6hmx

Authentication Bypass

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

May 21, 2026 - 14:17 vuln.today

DescriptionNVD

Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Consulting Ltd. QR Menu allows Exploitation of Trusted Identifiers.

This issue affects QR Menu: through 21052026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Unauthorized data disclosure in PosCube QR Menu (all versions through 21052026) allows remote attackers to access other users' restaurant menu data by manipulating user-controlled identifiers in requests. The flaw is an Insecure Direct Object Reference (IDOR) reachable over the network without authentication, and no public exploit identified at time of analysis. Reported by Turkey's national CERT (TR-CERT), with the vendor unresponsive to disclosure outreach.

CVE-2025-13479 vulnerability details – vuln.today

Back

PosCube Hardware Software CVE-2025-13479

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Share

External POC / Exploit Code