CVE-2025-59756 is a reflected Cross-site Scripting (XSS) vulnerability identified in AndSoft's e-TMS version 25.03. This vulnerability arises due to improper neutralization of input during web page generation, specifically involving the parameters 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO', and 'SuppConn' within the 'SuppConn' parameter in the '/clt/LOGINFRM_CON.ASP' endpoint. An attacker can craft a malicious URL containing JavaScript payloads embedded in these parameters, which when accessed by a victim, causes the victim's browser to execute the injected script. This can lead to session hijacking, credential theft, or unauthorized actions performed on behalf of the user. The vulnerability is exploitable remotely without authentication and requires user interaction (clicking the malicious link). The CVSS 4.0 base score is 5.1, indicating a medium severity level. The attack vector is network-based with low attack complexity and no privileges required. The vulnerability impacts confidentiality partially, as it can leak sensitive information via script execution, but does not directly affect system integrity or availability. No known exploits are currently reported in the wild, and no patches have been published yet. The vulnerability was assigned and published by INCIBE in October 2025.

For European organizations using AndSoft e-TMS v25.03, this vulnerability poses a moderate risk. Since e-TMS is a transportation management system, it likely handles logistics, shipment tracking, and possibly sensitive client or operational data. Exploitation could allow attackers to steal session cookies or credentials, leading to unauthorized access to the system and potential manipulation of transportation data or disruption of logistics operations. This could result in operational delays, financial losses, and reputational damage. Additionally, attackers could use the XSS vulnerability as a foothold to launch further attacks such as phishing or malware delivery within the organization's network. Given the medium severity and the requirement for user interaction, the threat is significant but not critical. However, organizations with high reliance on e-TMS for critical logistics functions should prioritize mitigation to avoid cascading operational impacts.

1. Immediate mitigation should include implementing robust input validation and output encoding on all affected parameters ('l', 'demo', 'demo2', 'TNTLOGIN', 'UO', and 'SuppConn') to neutralize malicious scripts before rendering them in the browser. 2. Deploy Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of potential XSS payloads. 3. Educate users to be cautious with unsolicited URLs, especially those related to e-TMS login pages. 4. Monitor web server logs for suspicious URL patterns targeting the vulnerable parameters to detect potential exploitation attempts. 5. Since no official patch is currently available, organizations should engage with AndSoft for timelines on patch releases and consider temporary workarounds such as web application firewalls (WAF) with custom rules to block malicious payloads targeting the vulnerable parameters. 6. Conduct regular security assessments and penetration testing focused on web application input handling to identify and remediate similar vulnerabilities proactively.