CVE-2025-59736: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection') in AndSoft e-TMS
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The vulnerable parameter is 'm' in '/clt/LOGINFRM_DJO.ASP'.
AI Analysis
Technical Summary
CVE-2025-59736 is a critical operating system command injection vulnerability identified in AndSoft's e-TMS product, specifically version 25.03. The vulnerability arises from improper neutralization of special elements used in commands (CWE-77), allowing an attacker to inject and execute arbitrary OS commands on the server hosting the vulnerable application. The attack vector involves sending a crafted POST request targeting the 'm' parameter in the '/clt/LOGINFRM_DJO.ASP' endpoint. Because the application fails to properly sanitize or validate this parameter, an attacker can manipulate it to execute unauthorized commands at the operating system level. The CVSS 4.0 base score of 9.3 reflects the high severity, with a vector indicating network attack (AV:N), no required privileges (PR:N), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (VC:H, VI:H, VA:H). This means the vulnerability can be exploited remotely without authentication or user interaction, potentially leading to full system compromise, data theft, service disruption, or further lateral movement within the network. No known exploits are currently reported in the wild, but the critical nature and ease of exploitation make it a significant threat. The lack of available patches at the time of publication increases the urgency for mitigation and monitoring.
Potential Impact
For European organizations using AndSoft e-TMS v25.03, this vulnerability poses a severe risk. Successful exploitation could lead to unauthorized access to sensitive operational data, disruption of transportation management services, and potential compromise of connected internal systems. Given that e-TMS is likely used in logistics and transportation sectors, disruption could affect supply chains, leading to economic losses and operational delays. Confidentiality breaches could expose business-critical information or personal data, risking regulatory non-compliance under GDPR. The ability to execute arbitrary commands remotely without authentication increases the threat of ransomware deployment or use as a foothold for broader network attacks. The impact extends beyond the directly affected server, as attackers could pivot to other systems, amplifying damage. European organizations with critical infrastructure or logistics dependencies on e-TMS should consider this vulnerability a high-priority security incident.
Mitigation Recommendations
Immediate mitigation should include isolating the vulnerable e-TMS server from untrusted networks to reduce exposure. Network-level controls such as web application firewalls (WAFs) should be configured to detect and block suspicious POST requests targeting the '/clt/LOGINFRM_DJO.ASP' endpoint, especially those manipulating the 'm' parameter. Organizations should implement strict input validation and sanitization on all user-supplied data, particularly parameters passed to system commands. Until an official patch is released, consider deploying virtual patching via WAF or IPS solutions. Conduct thorough logging and monitoring of server activity to detect anomalous command execution attempts. Restrict the privileges of the e-TMS service account to the minimum necessary to limit the impact of a successful exploit. Additionally, perform regular backups of critical data and test incident response plans focused on command injection scenarios. Engage with AndSoft for timely patch updates and verify the integrity of software installations.
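Two of the controls recommended above, strict allowlist validation of the 'm' parameter before it reaches any OS command and a log-review rule that flags POST requests to '/clt/LOGINFRM_DJO.ASP' whose 'm' value carries shell metacharacters, look like this in practice. This is an added example written for this page, not AndSoft's code: the command being built (handler.exe), the set of permitted 'm' values and the request-log format are all hypothetical, and the sample log lines are constructed.

```python
"""Defensive helpers for a CWE-77 finding in a web parameter.

Added illustration, not code from AndSoft e-TMS. The handler command,
the ALLOWED_M set and the log format below are assumptions.
"""
import re
from typing import Dict, List
from urllib.parse import parse_qs

# Endpoint and parameter named in the advisory.
TARGET_PATH = "/clt/LOGINFRM_DJO.ASP"

# Hypothetical allowlist: the only values the application expects for 'm'.
ALLOWED_M = {"login", "logout", "reset"}

# Characters that let a value break out of a command string into a shell.
SHELL_META = re.compile(r"[;&|`$<>\n\r(){}\\]")


def is_valid_m(value: str) -> bool:
    """True only for an exact allowlisted token."""
    return value in ALLOWED_M


def validate_m(value: str) -> str:
    """Return the value if it is allowlisted, otherwise refuse it.

    Rejecting everything that is not an expected token removes the
    injection surface instead of trying to strip 'bad' characters from
    a free-form value.
    """
    if not is_valid_m(value):
        raise ValueError(f"unexpected value for 'm': {value!r}")
    return value


def build_command_unsafe(m: str) -> str:
    """The pattern CWE-77 describes: user data concatenated into a shell
    string. Shown only for contrast with build_command_safe; never run."""
    return f"handler.exe --mode {m}"


def build_command_safe(m: str) -> List[str]:
    """Validate first, then return an argv list. Passing a list to
    subprocess.run with shell=False means no shell ever parses the value,
    so metacharacters (already rejected by validate_m) would stay literal."""
    return ["handler.exe", "--mode", validate_m(m)]


# Constructed request log (hypothetical format: METHOD PATH FORM-BODY STATUS).
# Plain IIS W3C logs do not record POST bodies; a WAF or request-logging
# module is needed to see the 'm' value at all.
SAMPLE_LOG = """\
POST /clt/LOGINFRM_DJO.ASP m=login 200
POST /clt/LOGINFRM_DJO.ASP m=login%3Becho+x 200
GET /clt/LOGINFRM_DJO.ASP m=login 200
POST /clt/OTHER.ASP m=x%7Cecho+x 200
POST /clt/LOGINFRM_DJO.ASP m=reset 200
"""


def flag_requests(log_text: str) -> List[Dict]:
    """Return one entry per POST to the vulnerable endpoint whose 'm' value
    is not allowlisted, noting whether it also contains shell metacharacters.
    Paths are compared case-insensitively, as IIS treats them."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 4:
            continue
        method, path, body, _status = parts
        if method != "POST" or path.lower() != TARGET_PATH.lower():
            continue
        # parse_qs percent-decodes, so encoded metacharacters are caught too.
        for m in parse_qs(body, keep_blank_values=True).get("m", []):
            if not is_valid_m(m):
                hits.append({"line": lineno, "m": m,
                             "metachar": bool(SHELL_META.search(m))})
    return hits


if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(f"line {hit['line']}: suspicious m={hit['m']!r} "
              f"(shell metacharacters: {hit['metachar']})")
```

The allowlist is the real fix; the metacharacter check is there so the log review can separate a typo in 'm' from an injection attempt. Anything matching the rule on a host that has not yet been patched should be handled as a possible compromise, not just blocked.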
Affected Countries
Germany, France, United Kingdom, Netherlands, Belgium, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: INCIBE
- Date Reserved: 2025-09-19T11:43:12.302Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68de87961199a3d5d3438cc9
Added to database: 10/2/2025, 2:09:26 PM
Last enriched: 10/2/2025, 2:13:58 PM
Last updated: 10/2/2025, 4:00:19 PM
Related Threats
- CVE-2025-61691: Out-of-bounds Read in KEYENCE CORPORATION VT STUDIO (High)
- CVE-2025-58777: Access of uninitialized pointer in KEYENCE CORPORATION VT STUDIO (High)
- CVE-2025-58776: Stack-based buffer overflow in KEYENCE CORPORATION KV STUDIO (High)
- CVE-2025-58775: Stack-based buffer overflow in KEYENCE CORPORATION KV STUDIO (High)
- CVE-2025-61692: Use after free in KEYENCE CORPORATION VT STUDIO (High)