| Advisory
Products
MOOLE SCA
Continuous visibility into open-source risk
MOOLE Container Security
End-to-end container defense across the SDLC
MOOLE SAST
Static application security testing for source code
About Us
CVE-2025-62771
Vulnerability Database
CVE-2025-62771
Base Score
HIGH
7.5
CVE-2025-62771
Mercku M6a devices through 2.1.0 allow password changes via intranet CSRF attacks.
Vector
ADJACENT_NETWORK
Published By
cve@mitre.org
Published Date
Oct 22, 2025, 04:16
Weakness Type (CWE)
:
CWE-352
CVSS Metrics
CVSS v3.1
Base Score
7.5
Vector String
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Severity
HIGH
Version
3.1
Attack Vector (AV)
ADJACENT_NETWORK
Attack Complexity (AC)
HIGH
Privileges Required (PR)
NONE
User Interaction (UI)
NONE
Scope (S)
UNCHANGED
Confidentiality (C)
HIGH
Integrity (I)
HIGH
Availability (A)
HIGH
References
https://blog.nullvoid.me/posts/mercku-exploits/
https://seclists.org/fulldisclosure/2025/Oct/10
Base Score
HIGH
7.5
Weakness Type (CWE)
:
CWE-352
CVSS Metrics
CVSS v3.1
Base Score
7.5
Vector String
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Severity
HIGH
Version
3.1
Attack Vector (AV)
ADJACENT_NETWORK
Attack Complexity (AC)
HIGH
Privileges Required (PR)
NONE
User Interaction (UI)
NONE
Scope (S)
UNCHANGED
Confidentiality (C)
HIGH
Integrity (I)
HIGH
Availability (A)
HIGH
