CVE-2025-10352 - Vulnerability Details

Vulnerability in the melis-core module of Melis Technology's Melis Platform, which, if exploited, allows an unauthenticated attacker to create an administrator account via a request to '/melis/MelisCore/ToolUser/addNewUser'.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00088.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Melistechnology	Melis Platform

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Melistechnology	Melis Platform

Advisories

Source	ID	Title
Github GHSA	GHSA-p3vc-g9f9-mgw4	Melis Platform CMS Unauthenticated Admin Account Creation

Fixes

Solution

The vulnerability has been fixed by the Melis Technology team in the melis-cms v5.3.4, melis-core v5.3.11, and melis-cms-slider v.5.3.1 modules.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-melis-platform

History

Thu, 09 Oct 2025 13:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Melistechnology Melistechnology melis Platform
Vendors & Products		Melistechnology Melistechnology melis Platform

Wed, 08 Oct 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 08 Oct 2025 11:00:00 +0000

Type	Values Removed	Values Added
Description		Vulnerability in the melis-core module of Melis Technology's Melis Platform, which, if exploited, allows an unauthenticated attacker to create an administrator account via a request to '/melis/MelisCore/ToolUser/addNewUser'.
Title		Missing Authorization vulnerability in Melis Platform
Weaknesses		CWE-862
References		https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-melis-platform
Metrics		cvssV4_0 `{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2025-10-08T10:46:40.687Z

Updated: 2025-10-08T13:46:37.281Z

Reserved: 2025-09-12T10:35:02.488Z

Link: CVE-2025-10352

Vulnrichment

Updated: 2025-10-08T13:43:56.440Z

NVD

Status : Awaiting Analysis

Published: 2025-10-08T11:15:34.247

Modified: 2025-10-08T19:38:09.863

Link: CVE-2025-10352

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-10-09T12:51:39Z

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object