CVE-2025-59773 is a reflected Cross-Site Scripting (XSS) vulnerability identified in AndSoft's e-TMS version 25.03. This vulnerability arises from improper neutralization of user-supplied input during web page generation, specifically in the parameters 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO', and 'SuppConn' within the '/clt/LOGINFRM_TP.ASP' endpoint. An attacker can craft a malicious URL containing JavaScript payloads embedded in these parameters. When a victim accesses this URL, the injected script executes in their browser context, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the user. The vulnerability is classified under CWE-79, indicating failure to sanitize input properly before reflecting it in the web page output. The CVSS 4.0 base score is 5.1 (medium severity), reflecting that the attack vector is network-based, requires no privileges, no authentication, but does require user interaction (clicking the malicious link). The vulnerability has low impact on confidentiality and integrity, and no impact on availability. No known exploits are currently in the wild, and no patches have been published yet. The vulnerability was reserved on 2025-09-19 and published on 2025-10-02 by INCIBE, indicating recent discovery and disclosure.

For European organizations using AndSoft e-TMS v25.03, this vulnerability poses a moderate risk primarily to end users who access the vulnerable login page. Successful exploitation could lead to theft of session cookies or credentials, enabling attackers to impersonate legitimate users and access sensitive transportation management data. This could result in unauthorized access to shipment details, scheduling information, or internal communications, potentially disrupting logistics operations. While the vulnerability does not directly impact system availability or integrity, the compromise of user accounts could lead to further lateral attacks or data leakage. The requirement for user interaction (clicking a malicious link) limits the attack scope but does not eliminate risk, especially in environments where phishing attacks are common. European organizations with extensive supply chain and transportation management dependencies on AndSoft e-TMS are particularly at risk. Additionally, regulatory frameworks such as GDPR impose strict data protection requirements, and exploitation leading to data breaches could result in legal and financial penalties.

1. Immediate mitigation should focus on user awareness and phishing prevention to reduce the likelihood of users clicking malicious URLs. 2. Implement Web Application Firewall (WAF) rules to detect and block suspicious input patterns targeting the vulnerable parameters ('l', 'demo', 'demo2', 'TNTLOGIN', 'UO', 'SuppConn') in the '/clt/LOGINFRM_TP.ASP' endpoint. 3. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers accessing the application. 4. Conduct input validation and output encoding on all user-supplied parameters to neutralize malicious scripts before rendering. 5. Monitor web server logs for unusual query strings or repeated attempts to exploit these parameters. 6. Coordinate with AndSoft for timely patch deployment once available; in the meantime, consider restricting access to the vulnerable login page to trusted networks or via VPN. 7. Use multi-factor authentication (MFA) to reduce the impact of credential theft resulting from XSS exploitation. 8. Regularly update and audit the e-TMS application and its dependencies to identify and remediate similar vulnerabilities proactively.