Operating System Command Injection in AndSoft's e-TMS Product
CVE-2025-59735

9.3CRITICAL

Key Information:

Vendor

Andsoft

Status
E-tms
Vendor
CVE Published:
2 October 2025

What is CVE-2025-59735?

CVE-2025-59735 is a significant vulnerability identified in AndSoft's e-TMS product, specifically in version 25.03. e-TMS is a transportation management software solution that streamlines logistics operations, optimizing processes such as shipment tracking, inventory management, and route planning for organizations. The vulnerability arises from an operating system command injection flaw, which permits attackers to execute arbitrary operating system commands on the server hosting the application. This occurs through specially crafted POST requests, exploiting a weakness linked to the handling of a 'm' parameter in the application's login form. If left unaddressed, this vulnerability can severely compromise an organization's server integrity and security.

Potential impact of CVE-2025-59735

  1. Unauthorized System Access: Exploiting this vulnerability could enable attackers to gain unauthorized access to the server, resulting in full control over the system. This may facilitate further attacks on the network, potentially leading to data breaches and unauthorized data manipulation.

  2. Data Integrity Compromise: Attackers leveraging this vulnerability can execute commands that alter or delete critical data, undermining the integrity of the transportation management system. This could disrupt operations, cause financial losses, and damage the organization's reputation.

  3. Increased Risk of Malware Deployment: The ability to execute arbitrary commands presents a risk that attackers could deploy malware or other malicious tools on the server. This could lead to subsequent breaches, escalation of attacks, or the compromise of connected systems, further endangering the entire organizational infrastructure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

e-TMS v25.03 version

References

https://www.incibe.es/en/incibe-cert/notices/aviso/update...

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Maximilian Hildebrand (m10x.de)
JSON
.