CVE-2025-10353

Summary

File upload leading to remote code execution (RCE) in the “melis-cms-slider” module of Melis Technology's Melis Platform. This vulnerability allows an attacker to upload a malicious file via a POST request to '/melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm' using the 'mcsdetail_img' parameter.

Affected Software

VendorProductVersion RangeStatus
Melis TechnologyMelis Platform0 < 5.3.1affected

Weaknesses

  • CWE-43: CWE-43: Path Equivalence: 'filename….'

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References