CVE-2025-59735 is a critical operating system command injection vulnerability identified in AndSoft's e-TMS product, specifically version 25.03. The vulnerability arises from improper neutralization of special elements in user-supplied input, classified under CWE-77. The flaw exists in the handling of the 'm' parameter within the '/clt/LOGINFRM.ASP' endpoint. An attacker can exploit this vulnerability by sending a crafted POST request containing malicious input in the 'm' parameter, which is then improperly sanitized or validated before being passed to an operating system command execution context on the server. This allows the attacker to execute arbitrary OS commands with the privileges of the web server process, potentially leading to full system compromise. The vulnerability does not require authentication, user interaction, or elevated privileges to exploit, and the attack vector is network accessible (remote). The CVSS v4.0 base score is 9.3, indicating a critical severity level, with high impact on confidentiality, integrity, and availability. Although no known exploits are currently reported in the wild, the ease of exploitation and the critical nature of the flaw make it a significant threat. The lack of a published patch at the time of disclosure increases the urgency for mitigation and risk management.

For European organizations using AndSoft e-TMS v25.03, this vulnerability poses a severe risk. Successful exploitation could lead to unauthorized remote code execution on critical transportation management systems, potentially disrupting logistics operations, supply chain management, and associated business processes. Confidential data handled by e-TMS, such as shipment details, client information, and operational schedules, could be exposed or altered, leading to data breaches and loss of trust. Integrity of operational data may be compromised, causing erroneous shipments or financial losses. Availability impacts could result from system downtime or ransomware deployment following exploitation. Given the critical role of transportation management in European economies, especially in sectors like manufacturing, retail, and distribution, this vulnerability could have cascading effects on business continuity and regulatory compliance, including GDPR considerations for data protection.

Immediate mitigation steps include restricting network access to the vulnerable endpoint '/clt/LOGINFRM.ASP' through firewall rules or network segmentation to limit exposure. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious payloads targeting the 'm' parameter. Conduct thorough input validation and sanitization on all user inputs, particularly those passed to system commands, implementing allow-listing where feasible. Monitor server logs for anomalous POST requests to the affected endpoint and signs of command injection attempts. Until an official patch is released, consider deploying runtime application self-protection (RASP) solutions to detect and prevent command injection at runtime. Engage with AndSoft for timely patch deployment and verify the integrity of the update before applying. Additionally, implement least privilege principles for the web server process to minimize the impact of potential exploitation.