Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Multiple vulnerabilities in AndSoft's e-TMS

Posted date 19/09/2025
Identificador
INCIBE-2025-0510
Importance
5 - Critical
Affected Resources
  • e-TMS, v25.03 version.
Description

INCIBE has coordinated the publication of 40 vulnerabilities: 8 critical, 1 high and 31 medium severity, affecting AndSoft's e-TMS, an integrated transport management software. The vulnerabilities were discovered by Maximilian Hildebrand (m10x.de).

These vulnerabilities have been assigned the following codes, CVSS v4.0 base score, CVSS vector, and CWE vulnerability type for each vulnerability:

  • CVE-2025-59735 to CVE-2025-59742: CVSS v4.0: 9.3 | CVSS AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N | CWE-77
  • CVE-2025-59743 to CVE-2025-59744: CVSS v4.0: 9.3 | CVSS AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N | CWE-89
  • CVE-2025-59745: CVSS v4.0: 8.7 | CVSS AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N | CWE-22
  • CVE-2025-59746: CVSS v4.0: 6.9 | CVSS AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N | CWE-327
  • CVE-2025-59747 to CVE-2025-59774: CVSS v4.0: 5.1 | CVSS AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N | CWE-79
Solution

No solution has been reported at this time.

Detail
  • Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameters and assigned identifiers is as follows:
    • CVE-2025-59735: 'm' parameter in '/clt/LOGINFRM.ASP'.
    • CVE-2025-59736: 'm' parameter in '/clt/LOGINFRM_DJO.ASP'.
    • CVE-2025-59737: 'm' parameter in '/clt/LOGINFRM_LXA.ASP'.
    • CVE-2025-59738: 'm' parameter in '/clt/LOGINFRM_BET.ASP'.
    • CVE-2025-59739: 'm' parameter in '/clt/LOGINFRM_original.ASP'.
    • CVE-2025-59740: 'm' parameter in '/clt/LOGINFRM_CAT.ASP'.
    • CVE-2025-59741: 'm' parameter in '/CLT/LOGINERRORFRM.ASP'.
  • SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between parameters and assigned identifiers is as follows:
    • CVE-2025-59742: 'USRMAIL' parameter in'/inc/login/TRACK_REQUESTFRMSQL.ASP'.
    • CVE-2025-59743: 'SessionID' cookie  in '/inc/connect/CONNECTION.ASP'.
  • CVE-2025-59744: Path traversal vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to access files only within the web root using the “docurl” parameter in “/lib/asp/DOCSAVEASASP.ASP”.
  • CVE-2025-59745: Vulnerability in the cryptographic algorithm of AndSoft's e-TMS v25.03, which uses MD5 to encrypt passwords. MD5 is a cryptographically vulnerable hash algorithm and is no longer considered secure for storing or transmitting passwords. It is vulnerable to collision attacks and can be easily cracked with modern hardware, exposing user credentials to potential risks.
  • Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameters and assigned identifiers is as follows:
    • CVE-2025-59746: 'm' parameter in '/lib/asp/alert.asp'.
    • CVE-2025-59747: 'l' parameter in '/clt/resetPassword.asp'.
    • CVE-2025-59748:  'l' and 'reset' parameters in '/clt/changepassword.asp'.
    • CVE-2025-59749: 'l' parameter in '/clt/TRACK_REQUEST.ASP'. l
    • 'l, demo, demo2, TNTLOGIN, UO and SuppConn' parameters in :
      • CVE-2025-59750: '/clt/LOGINFRM.ASP'.
      • CVE-2025-59751: '/clt/LOGINFRM_DJO.ASP'.
      • CVE-2025-59752: '/clt/LOGINFRM_LXA.ASP'.
      • CVE-2025-59753: '/clt/LOGINFRM_BET.ASP'.
      • CVE-2025-59754: en'/clt/LOGINFRM_original.ASP'.
      • CVE-2025-59755: '/clt/LOGINFRM_CAT.ASP'.
      • CVE-2025-59756: 'SuppConn in /clt/LOGINFRM_CON.ASP'.
      • CVE-2025-59757: '/clt/LOGINFRM_CATOLD.ASP'.
      • CVE-2025-59758: '/clt/LOGINFRM_CYLOG.ASP'.
      • CVE-2025-59759: '/clt/LOGINFRM_DELCROIX.ASP'.
      • CVE-2025-59760: '/clt/LOGINFRM_DHL.ASP'.
      • CVE-2025-59761: '/clt/LOGINFRM_DLG.ASP'.
      • CVE-2025-59762: '/clt/LOGINFRM_EFLOG.ASP'.
      • CVE-2025-59763: '/clt/LOGINFRM_EK.ASP'.
      • CVE-2025-59764: '/clt/LOGINFRM_FCC.ASP'.
      • CVE-2025-59765: '/clt/LOGINFRM_LF.ASP'.
      • CVE-2025-59766: '/clt/LOGINFRM_LT.ASP'.
      • CVE-2025-59767: '/clt/LOGINFRM_LVE.ASP'.
      • CVE-2025-59768: '/clt/LOGINFRM_MNG.ASP'.
      • CVE-2025-59769: '/clt/LOGINFRM_MOL.ASP'.
      • CVE-2025-59770: '/clt/LOGINFRM_MON.ASP'.
      • CVE-2025-59771: '/clt/LOGINFRM_MRK.ASP'.
      • CVE-2025-59772: '/clt/LOGINFRM_SIL.ASP'.
      • CVE-2025-59773: '/clt/LOGINFRM_TP.ASP'.
      • CVE-2025-59774: '/clt/LOGINFRM_VON.ASP'.
CVE
Explotación
No
References list
e-TMS
Etiquetas