CVE-2025-10352— Missing Authorization vulnerability in Melis Platform
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-10352
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Missing Authorization vulnerability in Melis Platform
Source: NVD (National Vulnerability Database)
Vulnerability Description
Vulnerability in the melis-core module of Melis Technology's Melis Platform, which, if exploited, allows an unauthenticated attacker to create an administrator account via a request to '/melis/MelisCore/ToolUser/addNewUser'.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
Melis Platform 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Melis Platform是Melis Platform开源的一个开源跨框架数字平台。 Melis Platform存在安全漏洞,该漏洞源于melis-core模块,未经验证的攻击者可通过请求/melis/MelisCore/ToolUser/addNewUser创建管理员账户,可能导致权限提升。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Melis Technology | Melis Platform | 0 ~ 5.3.11 | - |
II. Public POCs for CVE-2025-10352
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Exploit for CVE-2025-10352. Admin account creation on Melis Platform Framework | https://github.com/ivansmc00/CVE-2025-10352-POC | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-10352
请登录查看更多情报信息。
Same Patch Batch · Melis Technology · 2025-10-08 · 3 CVEs total
| CVE-2025-10351 | SQL injection vulnerability in Melis Platform | |
| CVE-2025-10353 | Missing Authorization vulnerability in Melis Platform |
IV. Related Vulnerabilities
Same weakness: CWE-862
- CVE-2025-14755
Cost Calculator Builder <= 4.0.1 - Unauthenticated Price Man - CVE-2021-47932
WordPress TheCartPress 1.5.3.6 Privilege Escalation Unauthen - CVE-2025-15634
HCL BigFix WebUI is affected by a missing authorization vuln - CVE-2026-42297
Argo Workflows Is Missing Authorization in Sync ConfigMap Pr - CVE-2026-42174
Kirby: User avatar creation, replacement and deletion are no
V. Comments for CVE-2025-10352
No comments yet