CVE-2025-59754 is a reflected Cross-Site Scripting (XSS) vulnerability identified in AndSoft's e-TMS product, specifically version 25.03. The vulnerability arises from improper neutralization of input during web page generation, classified under CWE-79. It affects several parameters ('l', 'demo', 'demo2', 'TNTLOGIN', 'UO', and 'SuppConn') within the '/clt/LOGINFRM_original.ASP' endpoint. An attacker can craft a malicious URL containing JavaScript code embedded in these parameters, which, when accessed by a victim, executes in the victim's browser context. This execution can lead to session hijacking, credential theft, or redirection to malicious sites. The vulnerability is exploitable remotely without authentication (AV:N, PR:N), requires low attack complexity (AC:L), and does not require privileges or user interaction beyond clicking the malicious link (UI:A). The impact on confidentiality is low, as the attacker can only execute scripts in the victim’s browser but cannot directly access backend data. Integrity and availability impacts are negligible. The CVSS 4.0 base score is 5.1, indicating a medium severity level. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability was reserved on 2025-09-19 and published on 2025-10-02 by INCIBE, a reputable European cybersecurity entity.

For European organizations using AndSoft e-TMS v25.03, this vulnerability poses a moderate risk primarily to users interacting with the affected login page. Successful exploitation could lead to session hijacking or theft of authentication tokens, enabling attackers to impersonate legitimate users. This could result in unauthorized access to sensitive transportation management data, disruption of logistics operations, or leakage of confidential business information. Given that e-TMS is likely used in logistics and transport sectors, which are critical for supply chain continuity, exploitation could indirectly affect operational efficiency. The reflected XSS nature means attacks require user interaction, typically via phishing or social engineering, which may limit large-scale automated exploitation but still presents a significant risk to targeted users. The absence of known exploits suggests limited current threat but does not preclude future exploitation. European organizations should be vigilant, especially those in countries with significant logistics industries or those known to use AndSoft products.

1. Immediate mitigation should include implementing input validation and output encoding on all affected parameters ('l', 'demo', 'demo2', 'TNTLOGIN', 'UO', 'SuppConn') in the '/clt/LOGINFRM_original.ASP' page to neutralize malicious scripts. 2. Deploy Web Application Firewalls (WAFs) with custom rules to detect and block suspicious payloads targeting these parameters. 3. Educate users on phishing risks and encourage caution when clicking on URLs, especially those received via email or untrusted sources. 4. Monitor web server logs for unusual query strings or repeated attempts to exploit these parameters. 5. Coordinate with AndSoft for timely patch releases and apply updates as soon as they become available. 6. Consider implementing Content Security Policy (CSP) headers to restrict script execution contexts and reduce the impact of XSS attacks. 7. Conduct regular security assessments and penetration tests focusing on web input handling to detect similar vulnerabilities proactively.