CVE-2025-62774 LOW

CVE-2025-62774

Vendor Mercku
Product M6a
Weakness CWE-331
Published October 22, 2025
Last update October 22, 2025

CVSS base score

3.1/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps.

Key dates

02Disclosure timeline

October 22, 2025 CVE published
October 22, 2025 Record updated