CVE 9.3 CRITICAL

Missing Authorization vulnerability in Melis Platform_CVE-2025-10352

October 8, 2025 invoker category_cve
9.3 / 10
CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Vulnerability in the melis-core module of Melis Technology's Melis Platform, which, if exploited, allows an unauthenticated attacker to create an administrator account via a request to '/melis/MelisCore/ToolUser/addNewUser'.

Basic Information

ID CVE-2025-10352
Source INCIBE
Published Oct 8, 2025 at 10:46

Affected Product

Vendor Melis Technology
Product Melis Platform
Affected Versions Melis Technology Melis Platform 0

CWE Classification

CWE-862

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.