CVE-2025-52024

Jan. 23, 2026, 9:15 p.m.

None
No Score

Description

A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services, each with an HTML form for submitting test input. These panels are intended for developer use, but are accessible in production environments with no authentication or session validation. This grants any external actor the ability to discover, test, and execute API endpoints that perform critical functions including but not limited to user transaction retrieval, credit adjustments, POS actions, and internal data queries.

Product(s) Impacted

Vendor Product Versions
Aptys
  • Pos Platform
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a aptys pos_platform / / / / / / / /

References

http://aptsys.com
https://gist.github.com/ReverseThatApp/4a6be2b9b2ba39d38c35c8753e0afd39

Tags

[email protected]
2026-01-23
CVE-2025-52024

Timeline

Published: Jan. 23, 2026, 9:15 p.m.
Last Modified: Jan. 23, 2026, 9:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.