CVE-2025-10352: Melis Platform CMS Unauthenticated Admin Account Creation
(updated )
Vulnerability in the melis-core module of Melis Technology’s Melis Platform, which, if exploited, allows an unauthenticated attacker to create an administrator account via a request to ‘/melis/MelisCore/ToolUser/addNewUser’.
References
- github.com/advisories/GHSA-p3vc-g9f9-mgw4
- github.com/ivansmc00/CVE-2025-10352-POC
- github.com/melisplatform/melis-core
- github.com/melisplatform/melis-core/commit/e938dd14e108b921e6a399b35976dfb429c41df5
- nvd.nist.gov/vuln/detail/CVE-2025-10352
- www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-melis-platform
Code Behaviors & Features
Detect and mitigate CVE-2025-10352 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →