CVE-2025-52022 - Vulnerability Details

A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public API endpoints, exposing potentially sensitive information useful for further exploitation. This issue is classified under CWE-209: Information Exposure Through an Error Message.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
http://aptsys.com
https://gist.github.com/ReverseThatApp/4a6be2b9b2ba39d38c35c8753e0afd39

History

Fri, 23 Jan 2026 20:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public API endpoints, exposing potentially sensitive information useful for further exploitation. This issue is classified under CWE-209: Information Exposure Through an Error Message.
References		http://aptsys.com https://gist.github.com/ReverseThatApp/4a6be2b9b2ba39d38c35c8753e0afd39

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-01-23T00:00:00.000Z

Updated: 2026-01-23T20:26:45.245Z

Reserved: 2025-06-16T00:00:00.000Z

Link: CVE-2025-52022

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-01-23T21:15:49.673

Modified: 2026-01-23T21:15:49.673

Link: CVE-2025-52022

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object