CVE-2025-62774

Summary

On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps.

Affected Software

VendorProductVersion RangeStatus
MerckuM6a0 <= 2.1.0affected

Weaknesses

  • CWE-331: CWE-331 Insufficient Entropy

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References