
CVE-2025-59737: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection') in AndSoft e-TMS

Critical
Vulnerability | CVE-2025-59737 | CWE-77
Published: Thu Oct 02 2025 (10/02/2025, 14:02:41 UTC)
Source: CVE Database V5
Vendor/Project: AndSoft
Product: e-TMS

Description

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The injection point is the 'm' parameter of '/clt/LOGINFRM_LXA.ASP'.

AI-Powered Analysis

Last updated: 10/02/2025, 14:13:46 UTC

Technical Analysis

CVE-2025-59737 is a critical operating system command injection vulnerability in AndSoft's e-TMS, version 25.03. It is classed as CWE-77 (improper neutralization of special elements used in a command): the value of the 'm' parameter in a POST request to '/clt/LOGINFRM_LXA.ASP' reaches an OS command without adequate validation or escaping, so shell metacharacters in that value are interpreted as command syntax rather than data. Because the affected page is the login form, the request is reachable before any authentication, which matches the CVSS 4.0 vector assigned to the record: network attack vector, no privileges required, no user interaction, and high impact on confidentiality, integrity and availability, for a base score of 9.3. Commands run with the privileges of the web server process, so a successful payload gives the attacker code execution on the host and, from there, a path to full system compromise. No exploitation in the wild has been reported at the time of writing, but a single unauthenticated POST is all that is needed, and no vendor patch is listed in the record, so the exposure for installations of this version is immediate.
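The following is an added example, not e-TMS code and not code from the CVE record. It models the shape of flaw the analysis describes in Python (the real endpoint is classic ASP): a request parameter 'm' is concatenated into a shell command line, and the same handler is shown hardened with allowlist validation and an argument list that never touches a shell. The wrapping command (`echo` standing in for whatever helper the real page invokes) and the allowed format of 'm' are assumptions.

```python
"""Vulnerable versus hardened handling of a request parameter that is
passed to an OS command (CWE-77 shape, modelled on the CVE description).

Added example; assumptions:
  - TOOL stands in for the server-side helper the real page runs.
  - Legitimate 'm' values are short identifiers (allowlist pattern below).
Runs on any POSIX system with /bin/sh and echo.
"""
import re
import subprocess

TOOL = "echo"  # harmless stand-in for the real helper binary (assumed)


def vulnerable_build(m: str) -> str:
    """Vulnerable: the parameter is spliced into a single command string."""
    return f"{TOOL} {m}"


def vulnerable_run(m: str) -> str:
    """shell=True hands the string to /bin/sh, so ';', '|', '&&' and $(...)
    inside 'm' are parsed as shell syntax. A second command in 'm' executes."""
    proc = subprocess.run(
        vulnerable_build(m), shell=True, capture_output=True, text=True
    )
    return proc.stdout


# Hardened: accept only what the parameter is meant to carry. The pattern is
# an assumption about legitimate values; the point is a strict allowlist,
# not a denylist of metacharacters.
M_PATTERN = re.compile(r"[A-Za-z0-9_-]{1,32}")


def hardened_run(m: str) -> str:
    """Validate first, then pass 'm' as one argv element with no shell.
    Even if validation were loosened, the argv form cannot start a second
    command because no shell ever parses the value."""
    if not M_PATTERN.fullmatch(m):
        raise ValueError("rejected parameter m")
    proc = subprocess.run([TOOL, m], capture_output=True, text=True)
    return proc.stdout


if __name__ == "__main__":
    payload = "LXA1; echo INJECTED"
    print("vulnerable ->", vulnerable_run(payload).strip())  # both commands ran
    try:
        hardened_run(payload)
    except ValueError as err:
        print("hardened   ->", err)
    print("hardened   ->", hardened_run("LXA1").strip())
```

The injected `echo INJECTED` is deliberately harmless; replace it mentally with `whoami` or a reverse shell and the impact section below follows directly. The fix is the vendor's to make inside the ASP page, but the two properties it needs are visible here: validate against an allowlist of expected values, and invoke the helper with an argument list rather than a command string.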

Potential Impact

For European organizations running AndSoft e-TMS v25.03, this vulnerability poses a severe risk. Successful exploitation gives an attacker command execution on the server hosting the application, which can lead to data theft, disruption of transportation management services, and lateral movement into the wider corporate network. Data handled by e-TMS, such as shipment records, client details and operational logistics, could be read or altered, and tampering with transportation workflows could cause operational delays or financial loss. Once on the host, an attacker can also stage ransomware or other malware, amplifying the damage. Because the flaw needs no authentication and is rated critical, logistics, supply chain and related companies are particularly exposed, especially where the e-TMS server is reachable from the internet or is not segmented from internal systems.

Mitigation Recommendations

Immediate mitigation should start with reducing who can reach '/clt/LOGINFRM_LXA.ASP' at all: restrict the endpoint (or the whole application) to known source ranges via firewall rules, VPN or a reverse proxy, since a command injection behind a login form is exploitable by anyone who can send the POST. The root fix is input validation of the 'm' parameter against an allowlist and invocation of the underlying command without a shell; that change belongs in the vendor's code, so organizations should request a fixed build from AndSoft and plan for rapid deployment once it is available. Until then, virtual patching with a web application firewall (WAF) that blocks shell metacharacters and command-injection patterns in requests to this endpoint reduces exposure, but it is a stopgap: filter rules can be bypassed and must not be treated as a substitute for the patch. Log and monitor requests to the endpoint, keeping in mind that IIS access logs record the method, path and query string but not the POST body, so the injected value itself will not appear there; a POST to this path from an unexpected source is the signal. The .ASP endpoint indicates classic ASP under IIS, so an injected command would normally appear as a shell (cmd.exe, PowerShell or a scripting host) started by the IIS worker process w3wp.exe, which is a high-fidelity detection on endpoint telemetry. Segment the e-TMS server from critical internal systems, scan for affected instances, and update incident response plans to cover exploitation of this vulnerability.
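The detection logic described above, as an added example run over constructed sample data (this is not code from AndSoft or from the CVE record). It checks two independent signals: IIS W3C access-log lines for POST requests to the vulnerable path from sources outside an allowlist, and process-creation events (Sysmon Event ID 1 style fields) where w3wp.exe starts a shell. The sample log lines and events are constructed, the internal source ranges are assumed, and the field names follow the default IIS log layout and Sysmon's naming; that e-TMS runs under IIS is inferred from the .ASP endpoint.

```python
"""Detection for CVE-2025-59737 exploitation attempts on IIS telemetry.

Added example with constructed input. Assumptions:
  - ALLOWED_SOURCES are the internal/VPN ranges that may reach the login page.
  - Process events carry Sysmon-style ParentImage/Image/CommandLine fields.
  - IIS log layout is the default W3C field set shown in the #Fields line.
"""
from ipaddress import ip_address, ip_network

VULN_PATH = "/clt/loginfrm_lxa.asp"  # compared case-insensitively; IIS paths are
ALLOWED_SOURCES = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]  # assumed
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}

# Constructed IIS W3C log excerpt. IIS replaces spaces inside a field with '+',
# which is why whitespace splitting is safe on these lines.
IIS_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs-Referer sc-status sc-substatus sc-win32-status time-taken
2025-10-02 14:05:01 10.0.0.5 GET /clt/LOGINFRM_LXA.ASP - 443 - 10.0.1.20 Mozilla/5.0+(Windows+NT+10.0) - 200 0 0 31
2025-10-02 14:05:09 10.0.0.5 POST /clt/LOGINFRM_LXA.ASP - 443 - 10.0.1.20 Mozilla/5.0+(Windows+NT+10.0) - 302 0 0 45
2025-10-02 14:07:33 10.0.0.5 POST /clt/loginfrm_lxa.asp - 443 - 203.0.113.7 python-requests/2.32.0 - 200 0 0 1204
2025-10-02 14:07:35 10.0.0.5 POST /clt/other.asp - 443 - 203.0.113.7 python-requests/2.32.0 - 200 0 0 12
"""

# Constructed process-creation events (Sysmon Event ID 1 style).
PROCESS_EVENTS = [
    {"ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c lookup LXA1 & whoami"},
    {"ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe"},  # an admin opening a prompt; not from the worker
]


def parse_iis(text: str):
    """Yield one dict per record, keyed by the names in the #Fields line."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        yield dict(zip(fields, line.split()))


def suspicious_requests(text: str) -> list:
    """POSTs to the vulnerable endpoint from outside the allowed ranges.
    The POST body (and so the 'm' value) is not logged by IIS, so the method,
    path and source are the only request-level signal available here."""
    hits = []
    for rec in parse_iis(text):
        if rec["cs-method"] != "POST" or rec["cs-uri-stem"].lower() != VULN_PATH:
            continue
        src = ip_address(rec["c-ip"])
        if any(src in net for net in ALLOWED_SOURCES):
            continue
        hits.append({
            "when": f'{rec["date"]} {rec["time"]}',
            "src": rec["c-ip"],
            "user_agent": rec["cs(User-Agent)"],
            "time_taken_ms": int(rec["time-taken"]),  # long = command ran
        })
    return hits


def shells_from_worker(events: list) -> list:
    """Command lines of shells whose parent is the IIS worker process."""
    hits = []
    for ev in events:
        parent = ev["ParentImage"].rsplit("\\", 1)[-1].lower()
        child = ev["Image"].rsplit("\\", 1)[-1].lower()
        if parent == "w3wp.exe" and child in SHELLS:
            hits.append(ev["CommandLine"])
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(IIS_LOG):
        print("request:", hit)
    for cmd in shells_from_worker(PROCESS_EVENTS):
        print("process:", cmd)
```

The request check on its own will also flag legitimate logins from unexpected addresses, so treat it as a triage queue; the w3wp.exe-to-shell check is the one to page on, because a classic ASP application has no routine reason to spawn cmd.exe or PowerShell from the worker process.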


Technical Details

Data Version: 5.1
Assigner Short Name: INCIBE
Date Reserved: 2025-09-19T11:43:12.302Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68de87961199a3d5d3438ccc

Added to database: 10/2/2025, 2:09:26 PM

Last enriched: 10/2/2025, 2:13:46 PM

Last updated: 10/2/2025, 4:00:19 PM
