CVE-2025-10352 | THREATINT

Description

Vulnerability in the melis-core module of Melis Technology's Melis Platform, which, if exploited, allows an unauthenticated attacker to create an administrator account via a request to '/melis/MelisCore/ToolUser/addNewUser'.

PUBLISHED Reserved 2025-09-12 | Published 2025-10-08 | Updated 2025-10-08 | Assigner INCIBE

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-862 Missing Authorization

Product status

Default status

unaffected

Any version before 5.3.11

affected

Credits

Jesús Manzano Vázquez finder

Juan Manuel Martínez Hernández finder

Manuel Iván San Martín Castillo finder

Ángel Montilla Muñoz finder

References

www.incibe.es/...iso/multiple-vulnerabilities-melis-platform

cve.org (CVE-2025-10352)

nvd.nist.gov (CVE-2025-10352)

Download JSON