CVE-2025-59751 is a reflected Cross-site Scripting (XSS) vulnerability identified in AndSoft's e-TMS version 25.03. The vulnerability arises due to improper neutralization of input during web page generation, specifically involving the parameters 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO', and 'SuppConn' within the '/clt/LOGINFRM_DJO.ASP' endpoint. An attacker can craft a malicious URL containing JavaScript code embedded in these parameters, which, when visited by a victim, results in the execution of arbitrary script code in the victim's browser context. This type of XSS attack can lead to session hijacking, credential theft, or unauthorized actions performed on behalf of the user. The vulnerability is exploitable remotely without requiring authentication or user interaction beyond clicking the malicious link. The CVSS 4.0 base score is 6.9, indicating a medium severity level. The attack vector is network-based with low attack complexity and no privileges or user interaction needed, but the impact on confidentiality is limited, with no direct impact on integrity or availability. No known exploits are currently reported in the wild, and no patches have been published yet. The vulnerability was reserved on 2025-09-19 and published on 2025-10-02 by INCIBE, a recognized cybersecurity entity. The CWE classification is CWE-79, which corresponds to improper neutralization of input leading to XSS.

For European organizations using AndSoft e-TMS v25.03, this vulnerability poses a risk primarily to the confidentiality of user sessions and data. Successful exploitation could allow attackers to steal session cookies, impersonate users, or perform unauthorized actions within the application, potentially leading to data leakage or unauthorized access to sensitive transportation management information. Given that e-TMS is likely used in logistics and transport sectors, disruption or compromise could affect supply chain operations, regulatory compliance, and customer trust. Although the vulnerability does not directly impact system integrity or availability, the indirect consequences of credential theft or session hijacking could lead to broader security incidents. The lack of required authentication or user interaction lowers the barrier for attackers to exploit this vulnerability, increasing risk especially in environments where users may be targeted via phishing or social engineering. European organizations with remote or web-accessible deployments of e-TMS are particularly at risk, especially if they lack web application firewalls or input validation controls. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the potential for future exploitation.

1. Immediate implementation of input validation and output encoding on all affected parameters ('l', 'demo', 'demo2', 'TNTLOGIN', 'UO', 'SuppConn') within the '/clt/LOGINFRM_DJO.ASP' page to neutralize malicious scripts. 2. Deploy a Web Application Firewall (WAF) with rules specifically designed to detect and block reflected XSS payloads targeting these parameters. 3. Educate users and administrators about the risks of clicking unsolicited links, especially those purporting to be related to e-TMS. 4. Monitor web server logs for suspicious requests containing script tags or unusual parameter values indicative of XSS attempts. 5. Coordinate with AndSoft for timely patch releases and apply updates as soon as they become available. 6. Implement Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers accessing the e-TMS application. 7. Conduct regular security assessments and penetration tests focusing on web input handling to detect similar vulnerabilities proactively. 8. Isolate the e-TMS application within a segmented network zone to limit potential lateral movement if exploitation occurs.