EUVD-2025-31825

Comprehensive Technical Analysis of EUVD-2025-31825

1. Vulnerability Assessment and Severity Evaluation

The vulnerability in the melis-core module of Melis Technology's Melis Platform allows an unauthenticated attacker to create an administrator account via a specific request to '/melis/MelisCore/ToolUser/addNewUser'. This vulnerability is rated with a CVSS Base Score of 9.3, indicating a critical severity level. The CVSS vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N breaks down as follows:

Attack Vector (AV): Network (N) - The vulnerability is exploitable over the network.
Attack Complexity (AC): Low (L) - The attack requires minimal skill or resources.
Authentication (AT): None (N) - No authentication is required to exploit the vulnerability.
Privileges Required (PR): None (N) - No privileges are required to exploit the vulnerability.
User Interaction (UI): None (N) - No user interaction is required to exploit the vulnerability.
Confidentiality Impact (VC): High (H) - The vulnerability has a high impact on confidentiality.
Integrity Impact (VI): High (H) - The vulnerability has a high impact on integrity.
Availability Impact (VA): High (H) - The vulnerability has a high impact on availability.
Scope Change (SC): None (N) - The vulnerability does not change the security scope.
Scope Integrity (SI): None (N) - The vulnerability does not impact the integrity of the security scope.
Scope Availability (SA): None (N) - The vulnerability does not impact the availability of the security scope.

2. Potential Attack Vectors and Exploitation Methods

The primary attack vector is through an unauthenticated network request to the '/melis/MelisCore/ToolUser/addNewUser' endpoint. An attacker could exploit this vulnerability by:

Sending a Crafted HTTP Request: An attacker can send a specially crafted HTTP request to the vulnerable endpoint, which would result in the creation of an administrator account.
Automated Scripts: Attackers could use automated scripts to scan for vulnerable instances of the Melis Platform and exploit the vulnerability en masse.
Phishing and Social Engineering: Attackers could use phishing techniques to trick users into visiting a malicious site that sends the crafted request to the vulnerable endpoint.

3. Affected Systems and Software Versions

The vulnerability affects Melis Platform versions prior to 5.3.11. Organizations using these versions are at risk and should prioritize updating to the latest version.

4. Recommended Mitigation Strategies

Immediate Patching: Upgrade to Melis Platform version 5.3.11 or later, which includes the fix for this vulnerability.
Network Segmentation: Implement network segmentation to limit access to the vulnerable endpoint.
Access Controls: Enforce strict access controls and monitoring on the '/melis/MelisCore/ToolUser/addNewUser' endpoint.
Intrusion Detection Systems (IDS): Deploy IDS to monitor for suspicious activity related to the vulnerable endpoint.
Regular Audits: Conduct regular security audits and vulnerability assessments to identify and mitigate similar issues.

5. Impact on European Cybersecurity Landscape

The vulnerability poses a significant risk to organizations using the Melis Platform, particularly those in critical sectors such as finance, healthcare, and government. Successful exploitation could lead to unauthorized access, data breaches, and potential disruption of services. The European Union's cybersecurity agencies, such as ENISA and INCIBE, should prioritize awareness campaigns and provide guidance to affected organizations.

6. Technical Details for Security Professionals

Vulnerability Identification: The vulnerability is identified by EUVD ID EUVD-2025-31825 and aliases CVE-2025-10352 and GHSA-p3vc-g9f9-mgw4.
Exploitation Details: The exploitation involves sending a POST request to '/melis/MelisCore/ToolUser/addNewUser' with parameters that create an administrator account.
Detection: Security professionals can detect exploitation attempts by monitoring network traffic for unusual requests to the vulnerable endpoint.
Response: In case of detection, immediate incident response procedures should be initiated, including isolating affected systems, patching the vulnerability, and conducting a thorough investigation to determine the extent of the compromise.

Conclusion

The vulnerability in the Melis Platform's melis-core module is critical and requires immediate attention. Organizations should prioritize patching and implement robust security measures to mitigate the risk. The European cybersecurity community should collaborate to ensure widespread awareness and effective mitigation strategies are in place.

References

Comprehensive Technical Analysis of EUVD-2025-31825

1. Vulnerability Assessment and Severity Evaluation

Attack Vector (AV): Network (N) - The vulnerability is exploitable over the network.
Attack Complexity (AC): Low (L) - The attack requires minimal skill or resources.
Authentication (AT): None (N) - No authentication is required to exploit the vulnerability.
Privileges Required (PR): None (N) - No privileges are required to exploit the vulnerability.
User Interaction (UI): None (N) - No user interaction is required to exploit the vulnerability.
Confidentiality Impact (VC): High (H) - The vulnerability has a high impact on confidentiality.
Integrity Impact (VI): High (H) - The vulnerability has a high impact on integrity.
Availability Impact (VA): High (H) - The vulnerability has a high impact on availability.
Scope Change (SC): None (N) - The vulnerability does not change the security scope.
Scope Integrity (SI): None (N) - The vulnerability does not impact the integrity of the security scope.
Scope Availability (SA): None (N) - The vulnerability does not impact the availability of the security scope.

2. Potential Attack Vectors and Exploitation Methods

The primary attack vector is through an unauthenticated network request to the '/melis/MelisCore/ToolUser/addNewUser' endpoint. An attacker could exploit this vulnerability by:

Sending a Crafted HTTP Request: An attacker can send a specially crafted HTTP request to the vulnerable endpoint, which would result in the creation of an administrator account.
Automated Scripts: Attackers could use automated scripts to scan for vulnerable instances of the Melis Platform and exploit the vulnerability en masse.
Phishing and Social Engineering: Attackers could use phishing techniques to trick users into visiting a malicious site that sends the crafted request to the vulnerable endpoint.

3. Affected Systems and Software Versions

The vulnerability affects Melis Platform versions prior to 5.3.11. Organizations using these versions are at risk and should prioritize updating to the latest version.

4. Recommended Mitigation Strategies

Immediate Patching: Upgrade to Melis Platform version 5.3.11 or later, which includes the fix for this vulnerability.
Network Segmentation: Implement network segmentation to limit access to the vulnerable endpoint.
Access Controls: Enforce strict access controls and monitoring on the '/melis/MelisCore/ToolUser/addNewUser' endpoint.
Intrusion Detection Systems (IDS): Deploy IDS to monitor for suspicious activity related to the vulnerable endpoint.
Regular Audits: Conduct regular security audits and vulnerability assessments to identify and mitigate similar issues.

5. Impact on European Cybersecurity Landscape

6. Technical Details for Security Professionals

Vulnerability Identification: The vulnerability is identified by EUVD ID EUVD-2025-31825 and aliases CVE-2025-10352 and GHSA-p3vc-g9f9-mgw4.
Exploitation Details: The exploitation involves sending a POST request to '/melis/MelisCore/ToolUser/addNewUser' with parameters that create an administrator account.
Detection: Security professionals can detect exploitation attempts by monitoring network traffic for unusual requests to the vulnerable endpoint.
Response: In case of detection, immediate incident response procedures should be initiated, including isolating affected systems, patching the vulnerability, and conducting a thorough investigation to determine the extent of the compromise.

Description

EPSS Score:

Comprehensive Technical Analysis of EUVD-2025-31825

1. Vulnerability Assessment and Severity Evaluation

2. Potential Attack Vectors and Exploitation Methods

3. Affected Systems and Software Versions

4. Recommended Mitigation Strategies

5. Impact on European Cybersecurity Landscape

6. Technical Details for Security Professionals

Conclusion

References

References

Affected Products

Vendors

EUVD-2025-31825

Description

EPSS Score:

Comprehensive Technical Analysis of EUVD-2025-31825

1. Vulnerability Assessment and Severity Evaluation

2. Potential Attack Vectors and Exploitation Methods

3. Affected Systems and Software Versions

4. Recommended Mitigation Strategies

5. Impact on European Cybersecurity Landscape

6. Technical Details for Security Professionals

Conclusion

References

References

Affected Products

Vendors