CVE-2025-52023

5.3 MEDIUM

📋 TL;DR

This vulnerability in gemscms.aptsys.com.sg's PHP backend allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This information exposure can aid attackers in reconnaissance and further exploitation. All systems running gemscms.aptsys.com.sg through 2025-05-28 are affected.

💻 Affected Systems

Products:
  • gemscms.aptsys.com.sg
Versions: through 2025-05-28
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Affects public API endpoints accessible via HTTP GET/POST requests.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers use disclosed information to map the application structure, identify other vulnerabilities, and potentially achieve remote code execution or data exfiltration.

🟠 Likely Case

Attackers gather reconnaissance data about the application's internal structure, file paths, and code logic to plan targeted attacks.

🟢 If Mitigated

Limited information disclosure that doesn't lead to further compromise if proper input validation and error handling are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted HTTP requests to trigger error conditions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: http://aptsys.com

Restart Required: No

Instructions:

1. Check vendor website for updates.
2. Apply any available patches.
3. Verify error handling is properly configured.

🔧 Temporary Workarounds

Disable Detailed Error Reporting

all

Configure PHP to suppress detailed error messages in production environments.

php.ini: display_errors = Off
php.ini: log_errors = On
php.ini: error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT

Implement Custom Error Handler

all

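Create a custom error handler that logs the details server-side so that only generic error messages reach the client.

set_error_handler(function ($errno, $errstr, $errfile, $errline) {
    // Keep the full detail in the server log only; never echo it to the client.
    error_log("Error [$errno]: $errstr in $errfile:$errline");
    return true; // any non-false return bypasses PHP's built-in handler and its detailed output
});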

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block requests triggering error messages.
  • Restrict access to API endpoints using IP whitelisting or authentication.

🔍 How to Verify

Check if Vulnerable:

Send malformed HTTP requests to public API endpoints and check if detailed error messages are returned.

Check Version:

Check application version in admin panel or configuration files.

Verify Fix Applied:

Test with same malformed requests and verify only generic error messages are returned.

📡 Detection & Monitoring

Log Indicators:

  • Unusual error log entries with stack traces
  • Multiple failed API requests from single IPs

Network Indicators:

  • HTTP requests with malformed parameters to API endpoints
  • Responses containing file paths or code snippets

SIEM Query:

source='web_logs' AND (message LIKE '%stack trace%' OR message LIKE '%/var/www/%' OR message LIKE '%PHP Notice%')
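
The indicators above can also be checked offline. The following is an added example, not part of the original advisory or the vendor's tooling: it scans captured HTTP response bodies for stack traces, PHP error banners and server-side file paths, and counts repeated error responses per source IP. The record fields (`ip`, `status`, `path`, `body`), the path roots and the threshold of 3 are assumptions, and the sample records are constructed.

```python
import re
from collections import Counter

# Indicators from the advisory's list: stack traces, PHP error banners and
# server-side file paths in response bodies. Path roots are assumed defaults.
INDICATORS = {
    "stack_trace": re.compile(r"Stack trace:|^#\d+ .+\.php\(\d+\)", re.M),
    "php_error": re.compile(
        r"\b(?:Notice|Warning|Fatal error|Parse error): .+? on line \d+", re.S),
    "file_path": re.compile(
        r"(?:/(?:var/www|home|srv|opt|usr)/[\w./-]+|[A-Za-z]:\\[\w\\.-]+)\.php"),
}
TAGS = re.compile(r"<[^>]+>")  # html_errors wraps banners in <b>...</b>

def leak_indicators(body):
    """Return the sorted names of disclosure indicators found in a body."""
    text = TAGS.sub("", body)
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))

def scan(records, error_threshold=3):
    """Flag leaking responses and source IPs with repeated error responses."""
    leaks = [(r["ip"], r["path"], hits)
             for r in records if (hits := leak_indicators(r["body"]))]
    errors = Counter(r["ip"] for r in records if r["status"] >= 400)
    noisy = sorted(ip for ip, n in errors.items() if n >= error_threshold)
    return leaks, noisy

# Constructed sample records (not real traffic); field names are assumptions.
SAMPLE = [
    {"ip": "198.51.100.7", "status": 500, "path": "/api/item",
     "body": '<b>Warning</b>:  Undefined array key "id" in '
             "/var/www/html/api/item.php on line 42"},
    {"ip": "198.51.100.7", "status": 500, "path": "/api/user",
     "body": "Fatal error: Uncaught TypeError: bad id in /var/www/html/lib/db.php:17\n"
             "Stack trace:\n#0 /var/www/html/api/user.php(9): load()\n#1 {main}\n"
             "  thrown in /var/www/html/lib/db.php on line 17"},
    {"ip": "198.51.100.7", "status": 400, "path": "/api/item",
     "body": '{"error": "An error occurred"}'},
    {"ip": "203.0.113.5", "status": 200, "path": "/api/item",
     "body": '{"id": 1, "name": "widget"}'},
]

if __name__ == "__main__":
    leaks, noisy = scan(SAMPLE)
    for ip, path, hits in leaks:
        print(ip, path, ",".join(hits))
    print("repeated errors from:", noisy)
```

Standard access logs do not record response bodies, so the input has to come from a reverse proxy, WAF or test harness that captures them.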
