CVE-2025-62772

Summary

On Mercku M6a devices through 2.1.0, session tokens remain valid for at least months in some cases.

Affected Software

VendorProductVersion RangeStatus
MerckuM6a0 <= 2.1.0affected

Weaknesses

  • CWE-305: CWE-305 Authentication Bypass by Primary Weakness

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References