CVE-2025-7014: Menu Panel: session fixation enables session hijacking

MEDIUM
Published January 29, 2026
CISO Take

CVE-2025-7014 is a session fixation vulnerability (CWE-384) in Menu Panel, a component of QR Menu Pro Smart Menu Systems. A low-privileged network attacker who can get a victim to authenticate through a session identifier the attacker already holds (typically via a crafted link) inherits the victim's authenticated session, because the application does not issue a new identifier at login; the result is full read access to the victim's account (CVSS 3.1 base 5.7, Confidentiality: High). The score understates the exposure: the package carries 30 prior CVEs and 479 downstream dependents, no fix exists for versions through 29012026, and the vendor did not respond to disclosure, so remediation falls entirely on the consumer. Teams should immediately inventory deployments, enforce server-side session identifier regeneration on every authentication event at a layer they control, and treat the package as end-of-life pending a vendor response.

Sources: NVD, MITRE ATLAS, OpenSSF

What is the risk?

Effective risk is higher than the base CVSS 5.7 suggests. No patch is available, the package is historically vulnerable (30 prior CVEs, OpenSSF score 6.5/10), 479 downstream projects depend on it, and the vendor has not responded, so the exposure window is open-ended with no vendor-supplied remediation path. Attack complexity is low and the attack vector is the network; the only precondition is luring a target user into authenticating through a crafted link. No public exploit or EPSS data is available, which limits any quantified exploitation probability, but session fixation needs no special tooling, so practical risk stays elevated.

How does the attack unfold?

  1. Session Token Fixation (AML.T0049, Exploit Public-Facing Application)
     The attacker opens an unauthenticated session with the Menu Panel application to obtain a server-issued session identifier, then crafts a login URL that embeds this fixed identifier for delivery to the target.

  2. Target Delivery (AML.T0052, Phishing)
     The attacker delivers the crafted URL to a privileged user (for example, an ML platform administrator) by phishing or other social engineering, inducing them to authenticate through the attacker-chosen session.

  3. Session Hijack (AML.T0091, Use Alternate Authentication Material)
     The victim authenticates successfully using the fixed session identifier. The server does not regenerate the identifier after authentication, so the identifier the attacker already holds is now bound to the victim's authenticated session.

  4. Confidential Data Access (AML.T0012, Valid Accounts)
     The attacker reuses the now-authenticated identifier to reach everything visible to the account: AI pipeline configurations, API keys, model artifacts and user data.
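The four steps above, run against a miniature in-memory model of a web session layer. This is an added example, not Menu Panel or QR Menu Pro code; the routes, the `sid` cookie name, the demo credential and the attacker-held identifier are all constructed. `VulnerableMenuPanel` reproduces the flaw the chain relies on (it adopts a client-supplied identifier and keeps it across login); `HardenedMenuPanel` applies the fix the remediation section calls for, and the attack is run against both, in the crafted-link variant the chain describes and in a planted-cookie variant, to show that only regeneration at login closes both.

```python
"""Session fixation (CWE-384) modelled end-to-end: a minimal in-memory
session layer in two variants, with the four-step attack chain run against
each. Added example, not QR Menu Pro / Menu Panel code; the routes, cookie
name and credentials are constructed for illustration."""
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, urlsplit

USERS = {"admin": "correct horse battery staple"}  # constructed demo credential


@dataclass
class Response:
    status: int
    body: str
    set_cookie: Optional[str] = None


class VulnerableMenuPanel:
    """Adopts whatever session id the client presents (cookie or ?sid=) and
    keeps that same id across login: the behaviour CWE-384 describes."""

    def __init__(self):
        self.sessions = {}  # sid -> {"user": username or None}

    def _sid_from_request(self, path, cookies):
        qs = parse_qs(urlsplit(path).query)
        sid = cookies.get("sid") or (qs.get("sid") or [None])[0]
        if sid is None:
            sid = secrets.token_hex(16)
        self.sessions.setdefault(sid, {"user": None})
        return sid

    def login(self, path, cookies, username, password):
        sid = self._sid_from_request(path, cookies)
        pw = USERS.get(username)
        if pw is None or not hmac.compare_digest(pw, password):
            return Response(401, "bad credentials")
        self.sessions[sid]["user"] = username  # same id, now authenticated
        return Response(200, "ok", set_cookie=f"sid={sid}")

    def whoami(self, path, cookies):
        sid = self._sid_from_request(path, cookies)
        return Response(200, self.sessions[sid]["user"] or "anonymous",
                        set_cookie=f"sid={sid}")


class HardenedMenuPanel(VulnerableMenuPanel):
    """Remediation: ids come only from the cookie and only if the server
    issued them, and every successful login discards the pre-auth session
    and mints a fresh id with hardened cookie attributes."""

    def _sid_from_request(self, path, cookies):
        sid = cookies.get("sid")  # ?sid= in the URL is deliberately ignored
        if sid is None or sid not in self.sessions:  # unknown ids are never adopted
            sid = secrets.token_hex(16)
            self.sessions[sid] = {"user": None}
        return sid

    def login(self, path, cookies, username, password):
        old = self._sid_from_request(path, cookies)
        pw = USERS.get(username)
        if pw is None or not hmac.compare_digest(pw, password):
            return Response(401, "bad credentials")
        self.sessions.pop(old, None)  # invalidate the pre-authentication session
        new = secrets.token_hex(16)
        self.sessions[new] = {"user": username}
        return Response(200, "ok",
                        set_cookie=f"sid={new}; Secure; HttpOnly; SameSite=Strict")


def run_fixation_attack(app, planted_in_cookie=False):
    """Steps 1-4 of the chain. Returns the identity the attacker's fixed id
    resolves to after the victim authenticates through it.

    planted_in_cookie=True models a variant where the attacker managed to set
    the cookie in the victim's browser instead of embedding the id in a URL."""
    # 1. attacker obtains a server-issued, unauthenticated session id
    fixed = app.whoami("/", cookies={}).set_cookie.split("=", 1)[1].split(";")[0]
    # 2. the id is delivered to the victim (crafted link, or planted cookie)
    victim_url = "/login" if planted_in_cookie else f"/login?sid={fixed}"
    victim_cookies = {"sid": fixed} if planted_in_cookie else {}
    # 3. victim authenticates through the fixed id
    resp = app.login(victim_url, victim_cookies, "admin", USERS["admin"])
    assert resp.status == 200, "victim login succeeds in both variants"
    # 4. attacker replays the fixed id from their own client
    return app.whoami("/panel", cookies={"sid": fixed}).body


if __name__ == "__main__":
    print("vulnerable, link  :", run_fixation_attack(VulnerableMenuPanel()))        # admin
    print("vulnerable, cookie:", run_fixation_attack(VulnerableMenuPanel(), True))  # admin
    print("hardened,   link  :", run_fixation_attack(HardenedMenuPanel()))          # anonymous
    print("hardened,   cookie:", run_fixation_attack(HardenedMenuPanel(), True))    # anonymous
```

The hardened variant applies two independent controls: identifiers in the URL are never honoured (which defeats the crafted link), and a successful login always replaces the identifier (which defeats a planted cookie as well). Either control alone leaves one variant open; a real deployment wants both, plus an expiry on pre-authentication sessions so the attacker's anonymous identifier does not live indefinitely.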

What systems are affected?

Package     Ecosystem   Vulnerable range     Patched
Panel       pip         through 29012026     No patch

Package profile (as listed for Panel on pip): 5.7K, OpenSSF score 6.5, 479 dependents, pushed 6d ago, 53% patched, ~6d to patch.

The NVD advisory identifies the affected product only as "QR Menu Pro Smart Menu Systems Menu Panel", versions through 29012026, and names no pip distribution; confirm that the package profile above maps to the component you actually deploy before relying on its figures. If you run Menu Panel at any version through 29012026, you are affected and no fixed release exists.

How severe is it?

CVSS 3.1
5.7 / 10
EPSS
N/A
Exploitation Status
No known exploitation
Sophistication
Trivial

What is the attack surface?

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): None
Availability (A): None

What should I do?

  1. Identify every deployment of Menu Panel across environments: search asset inventories for QR Menu Pro Smart Menu Systems Menu Panel at versions through 29012026, and scan dependency trees (for example 'pip show menu-panel' where it was installed from a package index under that name) to catch bundled copies.

  2. Since no patch is available, enforce server-side session identifier regeneration immediately after every successful authentication, at a layer you control: the application's own login handler if you can modify it, or an authenticating reverse proxy that issues its own session cookie in front of Menu Panel. Do not rely on the package's own session handling, and reject session identifiers supplied in URLs.

  3. Set Secure, HttpOnly and SameSite=Strict on all session cookies to reduce leakage of the token. These attributes are defence in depth only: they do not stop fixation, because the attacker chooses the identifier rather than stealing it, so they complement rather than replace step 2.

  4. Implement detection: alert when one session identifier is used from more than one source IP, in particular when an identifier that existed before a login event is reused from a different address afterwards, and alert on any request whose URL carries a session identifier, since the crafted link is the delivery channel for this attack.

  5. Add Menu Panel to the internal deny-list and block new deployments until a patched release is confirmed.

  6. Given 30 prior CVEs and vendor silence, evaluate migration to a maintained alternative rather than awaiting a fix.
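Detection logic for step 4, run over constructed web access log lines, as an added example (not vendor code). It assumes an nginx-style log_format that appends the session cookie value as `sid=$cookie_sid`; the IP addresses, paths and identifiers in the sample are invented to reproduce the chain from this page: the attacker (203.0.113.7) obtains an identifier, the victim (198.51.100.22) logs in through a link carrying it, and the attacker then reuses it. A second, unrelated login (192.0.2.50) is included so the rules can be seen not to fire on normal traffic.

```python
"""Detection for session fixation / hijack over web access logs.
Added example, not vendor code. Assumes an nginx-style log_format that ends
with the session cookie value (sid=$cookie_sid); all log lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Assumed format: '$remote_addr [$time_local] "$request" $status sid=$cookie_sid'
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) sid=(?P<sid>\S*)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

SAMPLE_LOG = """\
203.0.113.7 [29/Jan/2026:10:00:01 +0000] "GET /menu-panel/ HTTP/1.1" 200 sid=8f3a1c
203.0.113.7 [29/Jan/2026:10:00:05 +0000] "GET /healthz HTTP/1.1" 200 sid=-
198.51.100.22 [29/Jan/2026:10:04:40 +0000] "GET /menu-panel/login?sid=8f3a1c HTTP/1.1" 200 sid=-
198.51.100.22 [29/Jan/2026:10:04:58 +0000] "POST /menu-panel/login HTTP/1.1" 302 sid=8f3a1c
198.51.100.22 [29/Jan/2026:10:05:03 +0000] "GET /menu-panel/admin HTTP/1.1" 200 sid=8f3a1c
203.0.113.7 [29/Jan/2026:10:06:10 +0000] "GET /menu-panel/admin/settings HTTP/1.1" 200 sid=8f3a1c
192.0.2.50 [29/Jan/2026:10:07:00 +0000] "POST /menu-panel/login HTTP/1.1" 302 sid=b77e09
192.0.2.50 [29/Jan/2026:10:07:02 +0000] "GET /menu-panel/admin HTTP/1.1" 200 sid=b77e09
"""


def parse(log_text):
    """Turn raw lines into event dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], TS_FMT)
        ev["status"] = int(ev["status"])
        ev["sid"] = None if ev["sid"] == "-" else ev["sid"]
        events.append(ev)
    return events


def detect_session_id_in_url(events):
    """Rule 1: a session identifier carried in the request URL is the delivery
    channel of the crafted link (steps 1-2 of the chain)."""
    alerts = []
    for ev in events:
        qs = parse_qs(urlsplit(ev["path"]).query)
        if "sid" in qs:
            alerts.append(("sid_in_url", ev["ip"], qs["sid"][0], ev["path"]))
    return alerts


def detect_shared_session(events, window=timedelta(minutes=10)):
    """Rule 2: a session id tied to a successful login that is also seen from a
    different source IP, either before the login (the id pre-existed in someone
    else's hands: fixation) or within `window` after it (the hijack)."""
    by_sid = defaultdict(list)
    for ev in events:
        if ev["sid"]:
            by_sid[ev["sid"]].append(ev)
    alerts = []
    for sid, evs in by_sid.items():
        evs.sort(key=lambda e: e["ts"])
        login = next((e for e in evs
                      if e["method"] == "POST"
                      and urlsplit(e["path"]).path.endswith("/login")
                      and e["status"] in (200, 302)), None)
        if login is None:
            continue
        others_before = {e["ip"] for e in evs if e["ts"] < login["ts"]} - {login["ip"]}
        others_after = {e["ip"] for e in evs
                        if login["ts"] < e["ts"] <= login["ts"] + window} - {login["ip"]}
        if others_before or others_after:
            alerts.append(("session_shared_across_login", sid, login["ip"],
                           tuple(sorted(others_before)), tuple(sorted(others_after))))
    return alerts


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    for alert in detect_session_id_in_url(evs) + detect_shared_session(evs):
        print(alert)
```

Rule 2 deliberately reports the pre-login sightings separately from the post-login ones: an identifier that was already in use from another address before the victim authenticated is the signature of fixation specifically, whereas post-login use from another address alone could also be cookie theft or a mobile user changing networks. Tune the window and add an allow-list for known NAT ranges before turning this into a paging alert.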

How is it classified?

Which compliance frameworks are affected?

This CVE is relevant to:

EU AI Act
Art. 9 - Risk management system
ISO 42001
A.9.4 - System and application access control
NIST AI RMF
GOVERN 6.1 - Policies and procedures are in place for the secure development and deployment of AI systems
OWASP LLM Top 10
LLM08 - Excessive Agency

Frequently Asked Questions

What is CVE-2025-7014?

CVE-2025-7014 is a session fixation vulnerability (CWE-384) in the Menu Panel component of QR Menu Pro Smart Menu Systems, affecting versions through 29012026 with no patch available. An attacker who gets a victim to authenticate through a session identifier the attacker already holds gains that authenticated session, because the application does not issue a new identifier at login. The CISO Take above gives the full risk picture.

Is CVE-2025-7014 actively exploited?

No confirmed active exploitation of CVE-2025-7014 has been reported, and no EPSS score is available. No patch exists either, so rather than waiting for one, apply the compensating controls listed under "How to fix" (session identifier regeneration at a layer you control, hardened cookie attributes, detection) and plan migration.

How to fix CVE-2025-7014?

There is no vendor patch. Inventory every deployment (versions through 29012026 are affected), enforce session identifier regeneration after each successful login at a layer you control, set Secure, HttpOnly and SameSite=Strict on session cookies as defence in depth, alert on session identifiers shared across source IPs or carried in URLs, block new deployments, and evaluate migration to a maintained alternative. The full six-step list is under "What should I do?".

What systems are affected by CVE-2025-7014?

This vulnerability affects the following AI/ML architecture patterns: Web-based ML dashboard UIs, AI platform admin panels, Multi-user model management interfaces, Data labeling and annotation platforms.

What is the CVSS score for CVE-2025-7014?

CVE-2025-7014 has a CVSS v3.1 base score of 5.7 (MEDIUM).

What is the AI security impact?

Affected AI Architectures

Web-based ML dashboard UIs
AI platform admin panels
Multi-user model management interfaces
Data labeling and annotation platforms

MITRE ATLAS Techniques

AML.T0012 Valid Accounts
AML.T0049 Exploit Public-Facing Application
AML.T0052 Phishing
AML.T0091 Use Alternate Authentication Material

Compliance Controls Affected

EU AI Act: Art. 9
ISO 42001: A.9.4
NIST AI RMF: GOVERN 6.1
OWASP LLM Top 10: LLM08

What are the technical details?

Original Advisory

Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session Hijacking. This issue affects Menu Panel: through 29012026.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Exploitation Scenario

An attacker targeting an organization that uses Menu Panel as its ML dashboard management UI first opens an unauthenticated session with the application to obtain a server-issued session identifier. The attacker crafts a URL that embeds this fixed identifier and delivers it to a target administrator, for instance by spear-phishing, a Slack message, or an indirect injection point. When the admin follows the link and completes login, the server keeps the pre-set identifier instead of issuing a new one. The attacker, still holding that identifier, now has an authenticated admin session and can reach every configuration, API credential, user record and AI pipeline control visible to the admin account.

Weaknesses (CWE)

CWE-384 — Session Fixation: Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

  • [Architecture and Design] Invalidate any existing session identifiers prior to authorizing a new user session.
  • [Architecture and Design] For platforms such as ASP that do not generate new values for sessionid cookies, utilize a secondary cookie. In this approach, set a secondary cookie on the user's browser to a random value and set a session variable to the same value. If the session variable and the cookie value ever don't match, invalidate the session, and force the user to log on again.

Source: MITRE CWE corpus.
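The second CWE mitigation above, the secondary-cookie binding for platforms whose session layer cannot mint a new identifier at login, as an added example (not MITRE's or the vendor's code; the `sid` and `bind` cookie names, the in-memory store and the attacker-fixed identifier are constructed). The binding value is generated at login, stored server-side and echoed in a second cookie; a request that presents the session id without the matching binding value destroys the session, so an attacker who only holds the fixed id neither inherits the login nor keeps the session alive.

```python
"""CWE-384 secondary-cookie mitigation for platforms that cannot regenerate the
session id at login. Added example, not MITRE's or the vendor's code; cookie
names, the session store and the fixed identifier are constructed."""
import hmac
import secrets


class BoundSessions:
    """Session ids are assumed fixed by the platform (never regenerated). At login a
    random binding value is stored in the session and sent as a second cookie; any
    request whose binding cookie does not match the stored value destroys the
    session and forces a fresh login, exactly as the CWE guidance describes."""

    def __init__(self):
        self.store = {}  # sid -> {"user": username, "bind": binding value}

    def login(self, sid, username):
        bind = secrets.token_urlsafe(32)
        self.store[sid] = {"user": username, "bind": bind}
        return {"sid": sid, "bind": bind}  # both values go to the browser as cookies

    def current_user(self, cookies):
        sid = cookies.get("sid")
        sess = self.store.get(sid)
        if sess is None:
            return None
        presented = cookies.get("bind", "")
        if not hmac.compare_digest(presented.encode(), sess["bind"].encode()):
            del self.store[sid]  # mismatch: kill the session, force re-login
            return None
        return sess["user"]


def demo():
    """Victim logs in through an attacker-fixed id; attacker then replays that id
    without the binding cookie. Returns (victim before, attacker, victim after)."""
    app = BoundSessions()
    fixed = "attacker-fixed-id"  # constructed: id the attacker planted pre-login
    cookies = app.login(fixed, "admin")
    victim_ok = app.current_user(cookies)        # "admin": both cookies match
    attacker = app.current_user({"sid": fixed})  # None: no binding cookie, session destroyed
    victim_after = app.current_user(cookies)     # None: victim must log in again
    return victim_ok, attacker, victim_after


if __name__ == "__main__":
    print(demo())  # ('admin', None, None)
```

The cost of this control is visible in the demo: the attacker's attempt logs the legitimate user out, which is the intended fail-safe behaviour and also a useful signal to alert on. Where the platform can regenerate the identifier at login, prefer that fix; the binding cookie is the fallback for platforms that cannot.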

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Timeline

Published
January 29, 2026
Last Modified
June 5, 2026
First Seen
June 12, 2026

Related Vulnerabilities