CVE-2025-52025

Name of the Vulnerable Software and Affected Versions Aptsys gemscms POS Platform versions prior to 2025-05-29

Description An SQL Injection issue exists in the backend of the Aptsys gemscms POS Platform. The issue is due to the direct insertion of user-supplied input into a dynamic SQL query without sufficient sanitization or parameterization. An attacker can inject and execute arbitrary SQL code by submitting crafted input through the id parameter of the /api/GetServiceByRestaurantID API endpoint. Successful exploitation could lead to unauthorized data access or modification.

Recommendations Apply updates to versions after 2025-05-28.