Authorization Bypass via User-Controlled Trusted Identifiers in QR Menu

Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Consulting Ltd. QR Menu allows Exploitation of Trusted Identifiers. This issue affects QR Menu: through 21052026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Casky was already ahead

This CVE exploits attack patterns that Casky's 261matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.

Analysis

CVE-2025-13479 represents a critical authorization vulnerability in PosCube's QR Menu software (through version 21052026) where user-controlled keys can be exploited to bypass authentication and authorization controls. This CWE-639 vulnerability allows attackers to manipulate trusted identifiers—such as session tokens, API keys, or authentication parameters—that the application incorrectly treats as authoritative without proper validation. Organizations deploying QR Menu for point-of-sale operations, restaurant management, or customer-facing digital menu systems face direct risk of unauthorized access to sensitive business data, customer information, and transaction records. The lack of vendor response compounds the risk, leaving affected organizations without official patches and relying on alternative mitigation strategies.

Casky's 261 matched skills leverage Claude's extended reasoning to detect the attack patterns underlying this vulnerability across MITRE ATT&CK Privilege Escalation (TA0004) and Credential Access (TA0006) techniques. Practitioners using Casky would identify detection signals including: suspicious manipulation of session identifiers or API authentication headers (Privilege Escalation: Abuse Elevation Control Mechanism), attempts to forge or replay trusted tokens without completing full authentication flows (Credential Access: Exploitation for Credential Access), and access patterns where low-privilege users suddenly access high-privilege resources without proper authorization checks. The platform's skill mapping would surface behavioral anomalies such as authenticated sessions performing actions outside their permission scope, repeated failed authorization attempts followed by successful ones using modified identifiers, and lateral movement patterns that indicate compromised trusted keys being leveraged across multiple QR Menu instances or integrated systems.

Live Threat IntelligenceComing soon

Casky Risk Score

—

EPSS Probability

—

Shodan Exposure

—

GreyNoise Signal

—

Composite risk scoring from EPSS, CISA KEV, Shodan, and GreyNoise — 21 security APIs correlated into a single Casky Risk Score. Coming in Casky Pro. Join early access →

261 Casky skills cover this attack pattern

These skills use Claude AI's reasoning model to surface findings in the same attack categories as CVE-2025-13479.

analyzing-cloud-storage-access-patterns

cloud security · low

Run

analyzing-kubernetes-audit-logs

container security · low

Run

analyzing-malicious-url-with-urlscan

phishing defense · medium

Run

MITRE ATT&CK Techniques

TA0004 TA0006

Investigate the attack patterns behind CVE-2025-13479

Casky has 261 skills that investigate the attack patterns behind CVE-2025-13479. Run one and get CVSS-scored findings in 3 minutes.

Run the skill that detects this →

X Instagram LinkedIn