CVE-2025-52023

Published: Jan 23, 2026

Modified: Jan 26, 2026

PUBLISHED

Description

A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public API endpoints, exposing potentially sensitive information useful for further exploitation. This issue is classified under CWE-209: Information Exposure Through an Error Message.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://aptsys.com

http://gemscms.com

https://gist.github.com/ReverseThatApp/4a6be2b9b2ba39d38c35c8753e0afd39

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-52023

Description

Affected Products

References