CVE-2025-59757 is a reflected Cross-Site Scripting (XSS) vulnerability identified in AndSoft's e-TMS version 25.03. The vulnerability arises from improper neutralization of input during web page generation, specifically involving the parameters 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO', and 'SuppConn' within the '/clt/LOGINFRM_CATOLD.ASP' endpoint. An attacker can craft a malicious URL containing JavaScript code embedded in these parameters, which when accessed by a victim, executes in the victim's browser context. This allows the attacker to perform actions such as session hijacking, defacement, or redirecting users to malicious sites. The vulnerability does not require authentication (AV:N), has low attack complexity (AC:L), and no privileges are needed (PR:N). However, it requires user interaction (UI:A), specifically the victim clicking or visiting the malicious URL. The impact on confidentiality is low, as the attacker can only access data accessible to the victim's browser session, and there is no direct impact on integrity or availability. The vulnerability is classified as medium severity with a CVSS 4.0 base score of 5.1. No known exploits are currently observed in the wild, and no patches have been published yet. The vulnerability was reserved on 2025-09-19 and published on 2025-10-02 by INCIBE. The CWE classification is CWE-79, indicating improper input neutralization leading to XSS.

For European organizations using AndSoft e-TMS v25.03, this vulnerability poses a risk primarily to web application users, including employees and partners who access the affected login page. Successful exploitation could lead to session hijacking, unauthorized actions performed on behalf of the user, or phishing attacks leveraging the trusted domain. While the direct impact on system integrity and availability is limited, the confidentiality of user sessions and potentially sensitive information accessible through the browser could be compromised. This could lead to further lateral attacks or data leakage. Given that e-TMS is a transport management system, attackers might leverage XSS to manipulate session data or redirect users to malicious payloads, potentially disrupting logistics operations or causing reputational damage. The requirement for user interaction means that social engineering or phishing campaigns could be used to exploit this vulnerability. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as attackers often weaponize such vulnerabilities rapidly after disclosure.

1. Immediate mitigation should include implementing strict input validation and output encoding on all affected parameters ('l', 'demo', 'demo2', 'TNTLOGIN', 'UO', 'SuppConn') in the '/clt/LOGINFRM_CATOLD.ASP' endpoint to neutralize malicious scripts. 2. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. 3. Educate users and administrators about the risks of clicking on suspicious links, especially those purporting to be from trusted sources. 4. Monitor web server logs for unusual URL patterns that may indicate attempted exploitation. 5. Since no official patch is currently available, consider deploying Web Application Firewalls (WAF) with custom rules to detect and block malicious payloads targeting these parameters. 6. Plan for prompt application of official patches once released by AndSoft. 7. Conduct security awareness training focused on phishing and social engineering to reduce the likelihood of successful user interaction exploitation. 8. Review and harden session management to limit the impact of session hijacking attempts.