SQL Injection Vulnerability in Melis Platform by Melis Technology
CVE-2025-10351

9.3CRITICAL

Key Information:

Vendor: Melis Technology
Status: Melis Platform
Vendor: CVE Published:; 8 October 2025

🔔 Create Melis Technology Vulnerability Alert

What is CVE-2025-10351?

The Melis CMS platform from Melis Technology has an SQL injection vulnerability within its melis-cms module. This flaw is present in the '/melis/MelisCms/PageEdition/getTinyTemplates' endpoint, specifically relating to the 'idPage' parameter. Abusive exploitation of this vulnerability could enable an attacker to perform unauthorized database operations, including the retrieval, creation, updating, and deletion of records within the database, potentially compromising the integrity and confidentiality of sensitive data.

Affected Version(s)

Melis Platform 0 < 5.3.4

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 8, 2025
Vulnerability Reserved
Sep 12, 2025

Credit

Jesús Manzano Vázquez

Juan Manuel Martínez Hernández

Manuel Iván San Martín Castillo

Ángel Montilla Muñoz

JSON