Remote Code Execution Vulnerability in Melis Technology's Melis Platform
CVE-2025-10353

9.3CRITICAL

Key Information:

Vendor: Melis Technology
Status: Melis Platform
Vendor: CVE Published:; 8 October 2025

🔔 Create Melis Technology Vulnerability Alert

What is CVE-2025-10353?

The 'melis-cms-slider' module within the Melis Platform is susceptible to a file upload vulnerability that can lead to remote code execution. An attacker can exploit this weakness by sending a crafted POST request containing a malicious file through the 'mcsdetail_img' parameter to the endpoint '/melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm'. This exploitation can allow the attacker to gain unauthorized control over the affected system, posing significant security risks.

Affected Version(s)

Melis Platform 0 < 5.3.1

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 8, 2025
Vulnerability Reserved
Sep 12, 2025

Credit

Jesús Manzano Vázquez

Juan Manuel Martínez Hernández

Manuel Iván San Martín Castillo

Ángel Montilla Muñoz

JSON