CVE-2025-59755 is a reflected Cross-site Scripting (XSS) vulnerability identified in AndSoft's e-TMS version 25.03, a transportation management system. The vulnerability arises from improper neutralization of input during web page generation, specifically involving the parameters 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO', and 'SuppConn' within the '/clt/LOGINFRM_CAT.ASP' endpoint. An attacker can craft a malicious URL containing JavaScript code embedded in these parameters. When a victim clicks this URL, the injected script executes in their browser context without requiring authentication or user interaction beyond clicking the link. This reflected XSS flaw allows attackers to perform actions such as session hijacking, credential theft, or redirecting users to malicious sites. The CVSS 4.0 base score is 6.9 (medium severity), reflecting network attack vector, low attack complexity, no privileges or user interaction required, and limited impact confined to confidentiality. No known exploits are currently reported in the wild, and no patches have been published yet. The vulnerability is assigned CWE-79, indicating improper input sanitization during dynamic web content generation. The lack of authentication or user interaction requirements increases the risk of automated or widespread exploitation via phishing or social engineering campaigns targeting users of the affected e-TMS system.

For European organizations using AndSoft e-TMS v25.03, this vulnerability poses a significant risk to the confidentiality of user sessions and potentially sensitive operational data accessed through the system. Transportation management systems often integrate with logistics, supply chain, and shipment tracking workflows, making them critical infrastructure components. Exploitation could lead to unauthorized access to session tokens, enabling attackers to impersonate legitimate users, manipulate shipment data, or disrupt logistics operations. Although the vulnerability does not directly impact system integrity or availability, the indirect effects of compromised user accounts could cause operational delays, financial losses, and reputational damage. European companies in logistics, freight forwarding, and supply chain management that rely on AndSoft e-TMS are particularly vulnerable. Additionally, regulatory frameworks such as GDPR impose strict requirements on protecting personal and operational data, so exploitation could also lead to compliance violations and associated penalties.

1. Immediate mitigation should include implementing input validation and output encoding on all affected parameters ('l', 'demo', 'demo2', 'TNTLOGIN', 'UO', 'SuppConn') in the '/clt/LOGINFRM_CAT.ASP' endpoint to neutralize malicious scripts. 2. Deploy Web Application Firewalls (WAFs) with custom rules to detect and block suspicious payloads targeting these parameters. 3. Educate users and administrators about the risks of clicking unsolicited links, especially those purporting to be from the e-TMS system. 4. Monitor web server logs for unusual parameter values or repeated access attempts indicative of exploitation attempts. 5. Coordinate with AndSoft to obtain patches or updates addressing this vulnerability and prioritize their deployment once available. 6. Consider implementing Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers accessing the e-TMS application. 7. Regularly audit and test web applications for XSS and other injection flaws as part of a secure development lifecycle to prevent recurrence.