CVE-2025-59771 is a reflected Cross-site Scripting (XSS) vulnerability identified in AndSoft's e-TMS version 25.03. The vulnerability arises from improper neutralization of input during web page generation, specifically involving the parameters 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO', and 'SuppConn' within the '/clt/LOGINFRM_MRK.ASP' endpoint. An attacker can craft a malicious URL containing JavaScript code embedded in these parameters, which, when visited by a victim, executes the script in the victim's browser context. This type of reflected XSS does not require prior authentication and can be exploited remotely by enticing users to click on malicious links. The CVSS 4.0 base score is 5.1, indicating a medium severity level. The vector details show that the attack vector is network-based (AV:N), with low attack complexity (AC:L), no privileges required (PR:N), but user interaction is necessary (UI:A). The vulnerability impacts confidentiality to a limited extent (VC:L) but does not affect integrity or availability. No known exploits are currently reported in the wild, and no patches have been published yet. The vulnerability is assigned by INCIBE and was published on October 2, 2025. The CWE classification is CWE-79, which covers improper neutralization of input leading to XSS.

For European organizations using AndSoft's e-TMS v25.03, this vulnerability poses a risk primarily to users interacting with the affected web interface. Successful exploitation could allow attackers to execute arbitrary JavaScript in users' browsers, potentially leading to session hijacking, theft of sensitive information such as authentication tokens, or redirection to malicious sites. While the impact on system integrity and availability is minimal, the confidentiality breach could facilitate further attacks or data leakage. Organizations in sectors with high reliance on e-TMS for transport management, logistics, or supply chain operations may face operational disruptions if attackers leverage this vulnerability to compromise user accounts or inject malicious payloads. Given the need for user interaction, phishing campaigns or social engineering could be used to exploit this flaw. The absence of known exploits in the wild reduces immediate risk, but the medium severity score and lack of patches necessitate proactive measures to prevent exploitation.

To mitigate this vulnerability, European organizations should implement the following specific measures: 1) Apply input validation and output encoding on all affected parameters ('l', 'demo', 'demo2', 'TNTLOGIN', 'UO', 'SuppConn') within the '/clt/LOGINFRM_MRK.ASP' endpoint to neutralize malicious scripts. 2) Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. 3) Educate users about the risks of clicking on unsolicited links and implement email filtering to reduce phishing attempts. 4) Monitor web server logs for suspicious URL patterns targeting the vulnerable parameters. 5) If possible, isolate the e-TMS application behind a web application firewall (WAF) configured to detect and block reflected XSS payloads. 6) Coordinate with AndSoft for timely patch releases and apply updates as soon as they become available. 7) Conduct regular security assessments and penetration testing focusing on web input handling to identify similar vulnerabilities.