CVE-2025-62772 LOW

CVE-2025-62772

Vendor Mercku
Product M6a
Weakness CWE-305
Published October 22, 2025
Last update October 22, 2025

CVSS base score

3.1/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

On Mercku M6a devices through 2.1.0, session tokens remain valid for at least months in some cases.

Key dates

02Disclosure timeline

October 22, 2025 CVE published
October 22, 2025 Record updated