FKIE_CVE-2025-52026

Vulnerability from fkie_nvd - Published: 2026-01-23 21:15 - Updated: 2026-02-12 16:48
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions.
References
cve@mitre.orghttp://aptsys.comProduct
cve@mitre.orghttps://gist.github.com/ReverseThatApp/4a6be2b9b2ba39d38c35c8753e0afd39Third Party Advisory
Impacted products
Vendor Product Version
aptsys gemscms_backend *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aptsys:gemscms_backend:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F83E13A-9AF7-4E42-9849-9D9684967078",
              "versionEndIncluding": "2025-05-28",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de revelaci\u00f3n de informaci\u00f3n en el endpoint /srvs/membersrv/getCashiers de la plataforma de backend Aptsys gemscms hasta el 28-05-2025. Este endpoint no autenticado devuelve una lista de cuentas de cajero, incluyendo nombres, direcciones de correo electr\u00f3nico, nombres de usuario y contrase\u00f1as hasheadas usando MD5. Dado que MD5 es una funci\u00f3n criptogr\u00e1fica rota, los hashes pueden ser f\u00e1cilmente revertidos usando herramientas p\u00fablicas, exponiendo las credenciales de usuario en texto plano. Esto permite a atacantes remotos realizar inicios de sesi\u00f3n no autorizados y potencialmente obtener acceso a operaciones POS sensibles o funciones de backend."
    }
  ],
  "id": "CVE-2025-52026",
  "lastModified": "2026-02-12T16:48:21.933",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-01-23T21:15:50.813",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "http://aptsys.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gist.github.com/ReverseThatApp/4a6be2b9b2ba39d38c35c8753e0afd39"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        },
        {
          "lang": "en",
          "value": "CWE-327"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.