Unauthorized Access Flaw in Melis Platform's Admin Module by Melis Technology
CVE-2025-10352

9.3CRITICAL

Key Information:

Vendor: Melis Technology
Status: Melis Platform
Vendor: CVE Published:; 8 October 2025

🔔 Create Melis Technology Vulnerability Alert

What is CVE-2025-10352?

The melis-core module of Melis Technology's Melis Platform contains a vulnerability that permits unauthenticated attackers to exploit the system. By sending a crafted request to the endpoint '/melis/MelisCore/ToolUser/addNewUser', an attacker can create administrator user accounts without proper authorization. This flaw poses significant security risks, as it can lead to unauthorized access and control over the Melis Platform, highlighting the need for immediate remediation and user awareness.

Affected Version(s)

Melis Platform 0 < 5.3.11

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 8, 2025
Vulnerability Reserved
Sep 12, 2025

Credit

Jesús Manzano Vázquez

Juan Manuel Martínez Hernández

Manuel Iván San Martín Castillo

Ángel Montilla Muñoz

JSON