CVE-2025-59750 is a reflected Cross-Site Scripting (XSS) vulnerability identified in AndSoft's e-TMS version 25.03. This vulnerability arises due to improper neutralization of input during web page generation, specifically involving the parameters 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO', and 'SuppConn' in the '/clt/LOGINFRM.ASP' endpoint. An attacker can craft a malicious URL containing JavaScript code embedded within these parameters. When a victim accesses this URL, the injected script executes in the context of the victim's browser session, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the user. The vulnerability is exploitable remotely without any authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/AT:N/UI:N). However, the impact on confidentiality is limited (VC:L), and there is no impact on integrity or availability. No known exploits are currently reported in the wild, and no patches have been published yet. The vulnerability was reserved on September 19, 2025, and published on October 2, 2025, with a CVSS v4.0 score of 6.9, categorizing it as medium severity. The root cause is the failure to properly sanitize or encode user-supplied input before reflecting it in the web page, a classic CWE-79 issue. This vulnerability affects organizations using the AndSoft e-TMS v25.03, a transport management system likely used in logistics and supply chain operations.

For European organizations, the impact of this XSS vulnerability can be significant, especially for those in logistics, transportation, and supply chain sectors relying on AndSoft e-TMS for operational management. Exploitation could lead to unauthorized access to user sessions, enabling attackers to impersonate legitimate users, steal sensitive information such as credentials or shipment data, and potentially manipulate transport orders or schedules. This could disrupt business operations, cause financial losses, and damage reputations. Additionally, attackers could use the vulnerability as a foothold to deliver further attacks, such as phishing or malware distribution, targeting employees or partners. Given the remote exploitability without user interaction, the risk of automated exploitation attempts exists once the vulnerability becomes widely known. Although the vulnerability does not directly affect system integrity or availability, the confidentiality breach and potential for subsequent attacks pose a material risk to European companies using this software.

To mitigate this vulnerability, European organizations using AndSoft e-TMS v25.03 should immediately implement the following measures: 1) Apply any vendor-provided patches or updates as soon as they become available. Since no patch links are currently published, maintain close communication with AndSoft for updates. 2) Implement Web Application Firewall (WAF) rules to detect and block malicious payloads targeting the vulnerable parameters ('l', 'demo', 'demo2', 'TNTLOGIN', 'UO', 'SuppConn') in the '/clt/LOGINFRM.ASP' endpoint. 3) Conduct input validation and output encoding on the server side to sanitize user inputs before reflecting them in responses, if possible through custom controls or middleware. 4) Educate users about the risks of clicking on suspicious URLs and encourage the use of browser security features that can mitigate XSS attacks, such as Content Security Policy (CSP). 5) Monitor web server logs for unusual requests containing script tags or suspicious parameter values to detect potential exploitation attempts early. 6) Consider isolating the e-TMS application behind network segmentation to limit exposure. 7) Review and enhance incident response plans to quickly address any exploitation events. These steps go beyond generic advice by focusing on immediate protective controls and proactive monitoring tailored to the specific vulnerable parameters and application context.