CVE-2025-62774

LOW

Mercku M6a <2.1.0 - Info Disclosure

Title source: llm
STIX 2.1

Description

On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps.

References (2)

Scores

CVSS v3 3.1
EPSS 0.0001
EPSS Percentile 2.4%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-331
Status published
Products (1)
Mercku/M6a < 2.1.0
Published Oct 22, 2025
Tracked Since Feb 18, 2026