CVE-2025-10352 is a critical security vulnerability identified in the melis-core module of Melis Technology's Melis Platform. The flaw is categorized under CWE-862 (Missing Authorization), indicating that the system fails to properly enforce authorization checks on a sensitive operation. Specifically, the vulnerability allows an unauthenticated attacker to create an administrator account by sending a crafted HTTP request to the endpoint '/melis/MelisCore/ToolUser/addNewUser'. Because no authentication or user interaction is required, the attack surface is broad, and exploitation can be automated and performed remotely over the network. The vulnerability impacts all versions of the Melis Platform (noted as version 0 in the data), and no patches or fixes have been released at the time of publication. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (VC:H/VI:H/VA:H). This means an attacker can fully compromise the system, gaining administrative privileges, which could lead to data theft, system manipulation, or disruption of services. Although no known exploits are reported in the wild yet, the criticality and ease of exploitation make this vulnerability a prime target for attackers. The vulnerability was published on October 8, 2025, with INCIBE as the assigner. The absence of patches necessitates immediate defensive actions by affected organizations.

For European organizations using the Melis Platform, this vulnerability poses a severe risk. Successful exploitation grants attackers full administrative control, enabling them to manipulate or exfiltrate sensitive data, disrupt operations, deploy malware, or pivot within internal networks. Given the criticality and unauthenticated nature of the exploit, attackers can rapidly compromise systems without detection. This threat is particularly concerning for sectors with high-value data or critical infrastructure, such as finance, healthcare, government, and telecommunications. The lack of available patches increases exposure time, potentially leading to widespread compromise if attackers develop and deploy exploits. Additionally, regulatory implications under GDPR and other data protection laws could result in significant fines and reputational damage if breaches occur. The vulnerability could also be leveraged in targeted attacks or ransomware campaigns, amplifying its impact across European enterprises.

Since no official patches are currently available, European organizations should implement immediate compensating controls. First, restrict network access to the vulnerable endpoint '/melis/MelisCore/ToolUser/addNewUser' using firewalls or web application firewalls (WAFs) to block unauthorized requests. Employ strict IP whitelisting or VPN access controls to limit exposure. Monitor logs and alerts for any suspicious account creation activities or anomalous requests targeting the melis-core module. Conduct thorough audits of existing administrator accounts to detect unauthorized additions. Implement multi-factor authentication (MFA) for all administrative accounts to reduce the risk of misuse. Where possible, isolate Melis Platform instances from the internet or untrusted networks. Engage with Melis Technology for updates and patches, and plan for rapid deployment once available. Additionally, consider deploying intrusion detection/prevention systems (IDS/IPS) tuned to detect exploitation attempts targeting this vulnerability. Finally, educate security teams about this specific threat to enhance incident response readiness.