CVE-2025-59772 is a reflected Cross-Site Scripting (XSS) vulnerability identified in AndSoft's e-TMS version 25.03. This vulnerability arises from improper neutralization of input during web page generation, specifically involving the parameters 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO', and 'SuppConn' within the '/clt/LOGINFRM_SIL.ASP' endpoint. An attacker can craft a malicious URL containing JavaScript code embedded in these parameters, which when accessed by a victim, executes in the victim's browser context. This reflected XSS does not require prior authentication and can be exploited remotely by enticing users to click on a malicious link. The CVSS 4.0 base score is 5.1, indicating a medium severity level, with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:A). The impact on confidentiality is low, as the vulnerability primarily allows script execution in the victim's browser, potentially leading to session hijacking or phishing. Integrity and availability impacts are minimal or none. The vulnerability scope is limited to the web interface of the e-TMS product. No known exploits are currently in the wild, and no patch links have been published yet. The vulnerability was published on October 2, 2025, and assigned by INCIBE. The CWE classification is CWE-79, which corresponds to improper neutralization of input leading to XSS.

For European organizations using AndSoft's e-TMS v25.03, this vulnerability poses a risk of client-side attacks such as session hijacking, credential theft, or unauthorized actions performed in the context of the victim's session. Since e-TMS is a transport management system, it likely handles sensitive logistics and operational data. Exploitation could lead to unauthorized access to shipment details, manipulation of transport schedules, or leakage of confidential business information. The requirement for user interaction (clicking a malicious link) means phishing campaigns could be a vector, potentially targeting employees with access to the system. The medium severity score reflects moderate risk; however, the impact could be amplified if attackers combine this with social engineering or other vulnerabilities. Disruption to logistics operations could have downstream effects on supply chains, especially for critical sectors like manufacturing, retail, or healthcare logistics within Europe. Confidentiality breaches could also contravene GDPR requirements if personal data is exposed or manipulated.

1. Immediate mitigation should include implementing strict input validation and output encoding on all affected parameters ('l', 'demo', 'demo2', 'TNTLOGIN', 'UO', 'SuppConn') in the '/clt/LOGINFRM_SIL.ASP' endpoint to neutralize malicious scripts. 2. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers accessing the e-TMS application. 3. Educate users about phishing risks and encourage caution when clicking on links, especially those received via email or messaging platforms. 4. Monitor web server logs for unusual query parameters or repeated attempts to exploit the vulnerability. 5. Segregate the e-TMS application network segment and enforce strict access controls to limit exposure. 6. Coordinate with AndSoft for timely patch releases and apply updates as soon as they become available. 7. Implement web application firewalls (WAF) with rules to detect and block reflected XSS payloads targeting the affected parameters. 8. Conduct regular security assessments and penetration testing focusing on input validation and session management controls within the e-TMS environment.