CVE-2025-62771

Published: Oct 22, 2025Modified: Oct 22, 2025

7.5

Vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: MITRE (Secondary)

Description

Mercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks.

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://blog.nullvoid.me/posts/mercku-exploits/

Source: cve@mitre.org

https://seclists.org/fulldisclosure/2025/Oct/10

Source: cve@mitre.org

Timeline

No history available yet.