CVE-2025-59765 is a reflected Cross-site Scripting (XSS) vulnerability identified in AndSoft's e-TMS version 25.03. This vulnerability arises from improper neutralization of input during web page generation, specifically involving the parameters 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO', and 'SuppConn' within the '/clt/LOGINFRM_LF.ASP' endpoint. An attacker can craft a malicious URL containing JavaScript code embedded in these parameters. When a victim accesses this URL, the injected script executes in their browser context, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the user. The vulnerability is classified under CWE-79, indicating failure to properly sanitize or encode user-supplied input before reflecting it in the web page. According to the CVSS v4.0 vector, the attack requires no privileges and no authentication (AV:N/AC:L/PR:N/AT:N), but does require user interaction (UI:A) since the victim must click or visit the malicious link. The impact on confidentiality is low, with no direct integrity or availability impact, but the scope is limited to the user’s browser session. No known exploits are currently reported in the wild, and no patches have been published yet. The vulnerability was reserved on 2025-09-19 and published on 2025-10-02 by INCIBE.

For European organizations using AndSoft e-TMS v25.03, this vulnerability poses a risk primarily to end users who access the affected login page. Successful exploitation could allow attackers to steal session cookies or credentials, enabling unauthorized access to the transportation management system. This could lead to data leakage, manipulation of shipment data, or disruption of logistics operations. Given the critical role of transportation management in supply chains, especially in industries like manufacturing, retail, and distribution prevalent in Europe, exploitation could cause operational delays and financial losses. However, the medium CVSS score and requirement for user interaction limit the immediacy of risk. The absence of known exploits suggests that proactive mitigation can prevent widespread impact. Organizations with remote or web-accessible e-TMS portals are particularly at risk, especially if users are not trained to recognize phishing attempts. The vulnerability also raises compliance concerns under GDPR if personal or sensitive data is exposed through session hijacking or unauthorized access.

European organizations should implement the following specific measures: 1) Immediately review and restrict access to the affected '/clt/LOGINFRM_LF.ASP' endpoint, applying web application firewall (WAF) rules to detect and block malicious payloads in the identified parameters. 2) Educate users on phishing risks and the dangers of clicking unknown links, emphasizing vigilance around URLs related to e-TMS login pages. 3) Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers accessing the e-TMS application. 4) Monitor web server logs for unusual query strings or repeated attempts to exploit the vulnerable parameters. 5) Coordinate with AndSoft for timely patch deployment once available, and apply any interim vendor recommendations. 6) Implement multi-factor authentication (MFA) on e-TMS accounts to reduce the impact of credential theft. 7) Conduct regular security assessments and penetration tests focusing on input validation and output encoding in web applications. These targeted actions go beyond generic advice by focusing on the specific vulnerable parameters and the operational context of e-TMS in European logistics environments.