CVE-2025-52025

Published: Jan 23, 2026

Modified: Jan 26, 2026

PUBLISHED

Description

An SQL Injection vulnerability exists in the GetServiceByRestaurantID endpoint of the Aptsys gemscms POS Platform backend thru 2025-05-28. The vulnerability arises because user input is directly inserted into a dynamic SQL query syntax without proper sanitization or parameterization. This allows an attacker to inject and execute arbitrary SQL code by submitting crafted input in the id parameter, leading to unauthorized data access or modification.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://aptsys.com

https://gist.github.com/ReverseThatApp/4a6be2b9b2ba39d38c35c8753e0afd39

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-52025

Description

Affected Products

References