CVE-2025-59761 is a reflected Cross-Site Scripting (XSS) vulnerability identified in AndSoft's e-TMS version 25.03, a transport management system application. The vulnerability arises from improper neutralization of input during web page generation, specifically involving the parameters 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO', and 'SuppConn' within the '/clt/LOGINFRM_DLG.ASP' endpoint. An attacker can craft a malicious URL containing JavaScript code embedded in these parameters. When a victim clicks on this URL, the injected script executes in the victim's browser context, potentially allowing the attacker to steal session cookies, perform actions on behalf of the user, or redirect the user to malicious sites. The vulnerability is classified under CWE-79, indicating failure to properly sanitize or encode user input before reflecting it in the web page output. The CVSS v4.0 base score is 5.1 (medium severity), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:A), low confidentiality impact (VC:L), and no impact on integrity or availability. No known exploits are currently reported in the wild, and no patches have been published yet. The vulnerability was reserved on 2025-09-19 and published on 2025-10-02, with INCIBE as the assigner.

For European organizations using AndSoft e-TMS v25.03, this vulnerability poses a moderate risk primarily to confidentiality and user trust. Since e-TMS is a transport management system, it likely handles sensitive logistics, shipment, and operational data. Exploitation could allow attackers to hijack user sessions, leading to unauthorized access to sensitive transport schedules, client information, or internal communications. This could disrupt supply chain operations or lead to data leakage. The requirement for user interaction (clicking a malicious link) somewhat limits the attack scope, but phishing campaigns targeting employees or partners could be effective. The low integrity and availability impact means the system's core functions are unlikely to be directly disrupted by this vulnerability alone. However, successful exploitation could serve as a foothold for further attacks or social engineering within the organization. The medium severity rating reflects these factors, indicating a need for timely mitigation to prevent potential exploitation.

Given the absence of an official patch, European organizations should implement immediate compensating controls. First, apply strict input validation and output encoding on the affected parameters at the web application firewall (WAF) level to block or sanitize malicious payloads targeting '/clt/LOGINFRM_DLG.ASP'. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. Conduct user awareness training to reduce the risk of phishing attacks that could deliver malicious URLs. Monitor web server logs for suspicious requests containing script tags or unusual parameter values. If possible, restrict access to the e-TMS login page to trusted IP ranges or via VPN to reduce exposure. Coordinate with AndSoft for timely patch releases and plan for prompt deployment once available. Additionally, review session management practices to ensure session tokens are protected via HttpOnly and Secure flags to mitigate cookie theft risks.