Vulnerability Description
A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public API endpoints, exposing potentially sensitive information useful for further exploitation. This issue is classified under CWE-209: Information Exposure Through an Error Message.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aptsys | Gemscms Backend | <= 2025-05-28 |
Related Weaknesses (CWE)
References
- http://aptsys.comProduct
- http://gemscms.comBroken Link
- https://gist.github.com/ReverseThatApp/4a6be2b9b2ba39d38c35c8753e0afd39Third Party Advisory
FAQ
What is CVE-2025-52023?
CVE-2025-52023 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets,...
How severe is CVE-2025-52023?
CVE-2025-52023 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-52023?
Check the references section above for vendor advisories and patch information. Affected products include: Aptsys Gemscms Backend.