Unrated severityNVD Advisory· Published Jan 23, 2026· Updated Jan 26, 2026

CVE-2025-52025

Description

An SQL Injection vulnerability exists in the GetServiceByRestaurantID endpoint of the Aptsys gemscms POS Platform backend thru 2025-05-28. The vulnerability arises because user input is directly inserted into a dynamic SQL query syntax without proper sanitization or parameterization. This allows an attacker to inject and execute arbitrary SQL code by submitting crafted input in the id parameter, leading to unauthorized data access or modification.

Affected products

Aptsys/gemscms POS Platformdescription
Aptsys/gemscms POS Platformllm-create
Range: <=2025-05-28

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

aptsys.commitre
gist.github.com/ReverseThatApp/4a6be2b9b2ba39d38c35c8753e0afd39mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000