PatchSiren cyber security CVE debrief
CVE-2025-52023 Aptsys CVE debrief
CVE-2025-52023 is an information exposure vulnerability in the PHP backend of Gemscms, allowing unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces via specially crafted HTTP GET/POST requests to public API endpoints. This issue is classified under CWE-209: Information Exposure Through an Error Message.
- Vendor
- Aptsys
- Product
- Gemscms Backend
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-01-23
- Original CVE updated
- 2026-07-05
- Advisory published
- 2026-01-23
- Advisory updated
- 2026-07-05
Who should care
Organizations using Gemscms Backend version up to 2025-05-28 should prioritize patching this vulnerability to prevent potential exploitation. Security teams and administrators responsible for web applications and APIs should be aware of this issue and take necessary measures to protect against information exposure.
Technical summary
The vulnerability exists in the PHP backend of Gemscms, specifically in the way it handles error messages. When an attacker sends a specially crafted HTTP GET/POST request to a public API endpoint, the application responds with a detailed error message that includes internal file paths, code snippets, and stack traces. This information can be useful for further exploitation, potentially leading to more severe attacks. The issue has a CVSS score of 5.3 and is classified as CWE-209: Information Exposure Through an Error Message.
Defensive priority
Medium priority should be given to patching this vulnerability, as it can lead to information exposure and potentially aid in further exploitation.
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the vulnerability
- Implement input validation and sanitization for API endpoints to prevent malicious requests
- Configure error handling to provide minimal information in error messages
- Monitor API endpoints for suspicious activity and implement logging and alerting
- Consider implementing a Web Application Firewall (WAF) to detect and prevent attacks
Evidence notes
The CVE record was published on 2026-01-23T21:15:50.507Z and last modified on 2026-07-05T17:17:15.787Z. The NVD entry is currently Modified. The vulnerability affects Gemscms Backend version up to 2025-05-28.
Official resources
-
CVE-2025-52023 CVE record
CVE.org
-
CVE-2025-52023 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-23T21:15:50.507Z and has not been modified since then. The NVD entry is currently Modified.