CVE-2025-62771 HIGH

CVE-2025-62771

Vendor Mercku

Product M6a

Weakness CWE-352 · CSRF

Published October 22, 2025

Last update October 22, 2025

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Adjacent

Attack complexity High

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Mercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks.

Key dates

02Disclosure timeline

October 22, 2025 CVE published

October 22, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-62771 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2025-7379 A security bypass vulnerability was found in DataSync Center installed on ADM CVE-2024-37236 WordPress Loco Translate plugin <= 2.6.9 - Cross Site Request Forgery (CSRF) vulnerability CVE-2025-39512 WordPress Bulk Term Editor plugin <= 1.1.4 - Cross Site Request Forgery (CSRF) Vulnerability CVE-2025-49284 WordPress WP Maintenance Mode & Site Under Construction plugin <= 4.3 - Cross Site Request Forgery (CSRF) Vulnerability CVE-2022-47177 WordPress WP EasyPay Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF)