CVE-2025-62775: CWE-669 Incorrect Resource Transfer Between Spheres in Mercku M6a
Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password.
AI Analysis
Technical Summary
CVE-2025-62775 is a vulnerability in Mercku M6a devices running firmware version 2.1.0, classified under CWE-669 (Incorrect Resource Transfer Between Spheres). The device accepts the web admin password for root TELNET logins, bypassing the authentication boundary that should separate the two services. The root cause is that the device improperly shares authentication credentials or session tokens between the web administration interface and the TELNET service, which should be isolated from each other. An attacker on an adjacent network with low privileges can therefore obtain root access without any user interaction.

The CVSS 3.1 base score is 8.0 (high): attack vector adjacent network (AV:A), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality, integrity and availability (C:H/I:H/A:H). No exploits have been reported in the wild, but root access to the device would allow an attacker to intercept or manipulate network traffic, disrupt services, or use the device as a foothold for further attacks. No patch was available at the time of publication, which increases the urgency of interim mitigations. The vulnerability is particularly concerning where Mercku M6a devices form part of critical network infrastructure, such as enterprise or industrial settings.
Potential Impact
For European organizations, the impact of CVE-2025-62775 can be severe. Compromise of Mercku M6a devices could lead to unauthorized root access, allowing attackers to intercept sensitive data, manipulate network configurations, or disrupt network availability. This could affect confidentiality of communications, integrity of network operations, and availability of services relying on these devices. Organizations in sectors such as finance, healthcare, manufacturing, and critical infrastructure that use Mercku M6a devices are at heightened risk. The vulnerability could facilitate lateral movement within corporate networks, enabling attackers to escalate privileges and access other critical systems. Additionally, the exposure of root TELNET access increases the risk of automated attacks or worm propagation within networks. The absence of public exploits currently provides a limited window for mitigation, but the high severity score and ease of exploitation mean that European organizations should act promptly to reduce risk.
Mitigation Recommendations
1. Immediately disable TELNET access on all Mercku M6a devices if possible, or restrict TELNET access to trusted management networks only.
2. Change the web admin password to a strong, unique value and ensure it is not reused elsewhere.
3. Implement network segmentation to isolate management interfaces from general user networks, reducing exposure to adjacent network attacks.
4. Monitor network traffic and device logs for unusual TELNET login attempts or other suspicious activities.
5. Apply strict access control lists (ACLs) to limit which IP addresses can reach the device management interfaces.
6. Regularly audit device configurations and firmware versions to identify vulnerable devices.
7. Engage with Mercku support channels to obtain patches or firmware updates as soon as they become available.
8. Consider deploying intrusion detection/prevention systems (IDS/IPS) tuned to detect attempts to exploit this vulnerability.
9. Educate network administrators about the risks of TELNET and encourage migration to more secure management protocols such as SSH.
10. Prepare incident response plans specific to network device compromise scenarios to enable rapid containment and recovery.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-10-22T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68f8501287e9a014511a9019
Added to database: 10/22/2025, 3:31:30 AM
Last enriched: 10/29/2025, 4:40:52 AM
Last updated: 12/7/2025, 2:39:08 PM