CVE-2025-59740 is a critical operating system command injection vulnerability identified in AndSoft's e-TMS product, specifically version 25.03. The vulnerability arises from improper neutralization of special elements used in commands (CWE-77), allowing an unauthenticated attacker to execute arbitrary OS commands on the server hosting the e-TMS application. The flaw is located in the handling of the 'm' parameter within the '/clt/LOGINFRM_CAT.ASP' endpoint, which processes POST requests. Because the application fails to properly sanitize or validate this parameter, an attacker can inject malicious commands that the server executes with the privileges of the web application process. The CVSS 4.0 base score of 9.3 reflects the critical nature of this vulnerability, highlighting that it requires no authentication (AV:N/AC:L/AT:N/PR:N/UI:N) and can lead to a complete compromise of confidentiality, integrity, and availability (VC:H/VI:H/VA:H). The vulnerability does not require user interaction and affects the server directly, making exploitation straightforward once the vulnerable endpoint is accessible. Although no known exploits are currently reported in the wild, the severity and ease of exploitation make this a high-risk issue for any organization using AndSoft e-TMS v25.03. The lack of an available patch at the time of publication increases the urgency for mitigation and risk management.

For European organizations using AndSoft e-TMS v25.03, this vulnerability poses a significant threat. Successful exploitation can lead to full system compromise, including unauthorized data access, data manipulation, and potential disruption of transport management operations managed by e-TMS. Given that e-TMS is likely used in logistics and transport sectors, disruption could affect supply chains, leading to operational delays and financial losses. Confidential data such as shipment details, client information, and internal communications could be exposed or altered. The critical nature of the vulnerability means attackers could deploy ransomware, establish persistent backdoors, or pivot to other internal systems. This risk is exacerbated in sectors with high regulatory requirements such as GDPR, where data breaches can result in heavy fines and reputational damage. Additionally, the vulnerability’s remote, unauthenticated exploitability increases the attack surface, especially if the affected servers are internet-facing or insufficiently segmented within corporate networks.

Immediate mitigation steps should include restricting access to the vulnerable endpoint '/clt/LOGINFRM_CAT.ASP' by implementing network-level controls such as IP whitelisting or VPN-only access to reduce exposure. Web application firewalls (WAFs) should be configured with custom rules to detect and block suspicious input patterns targeting the 'm' parameter, focusing on command injection signatures. Organizations should conduct thorough input validation and sanitization on all parameters, especially those used in system commands, and employ least privilege principles for the web server process to limit the impact of any successful exploitation. Monitoring and logging of access to the vulnerable endpoint should be enhanced to detect anomalous activities promptly. Until an official patch is released by AndSoft, consider deploying virtual patching via WAF or disabling the vulnerable functionality if feasible. Regular backups and incident response plans should be reviewed and tested to prepare for potential exploitation scenarios. Finally, organizations should maintain close communication with AndSoft for timely patch releases and apply updates as soon as they become available.