CVE-2025-62771

HIGH

Mercku M6a <2.1.0 - CSRF

Title source: llm

Description

Mercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks.

References (2)

Scores

CVSS v3 7.5
EPSS 0.0001
EPSS Percentile 2.8%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-352
Status draft

Timeline

Published Oct 22, 2025
Tracked Since Feb 18, 2026