Vulnerability Database

296,676

Total vulnerabilities in the database

CVE-2025-10353

File upload leading to remote code execution (RCE) in the “melis-cms-slider” module of Melis Technology's Melis Platform. This vulnerability allows an attacker to upload a malicious file via a POST request to '/melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm' using the 'mcsdetail_img' parameter.

Published: Oct 8, 2025
Updated: Oct 10, 2025
CVE: CVE-2025-10353
GHSA: GHSA-chw4-gjvw-3gxc
Severity: Critical
Exploit:

No technical information available.

CWEs:

CWE-43

Affected Software
References

Software	From	Fixed in
melisplatform / melis-cms-slider	-	5.3.1

https://github.com/ivansmc00/CVE-2025-10353-POC
https://github.com/melisplatform/melis-cms-slider/commit/c8757338ccd2dae5d347db5f494922ecc692f614
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-melis-platform

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo