CVE-2025-59738
📋 TL;DR
This is a critical command injection vulnerability in AndSoft's e-TMS v25.03 that allows unauthenticated attackers to execute arbitrary operating system commands on the server via a POST request to '/clt/LOGINFRM_BET.ASP' with a malicious 'm' parameter. Organizations using this specific version of the e-TMS software are affected.
💻 Affected Systems
- AndSoft e-TMS
📦 What is this software?
e-TMS by AndSoft
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise leading to data theft, ransomware deployment, lateral movement to other systems, and complete system takeover.
Likely Case
Unauthenticated remote code execution allowing attackers to install backdoors, steal sensitive data, or disrupt operations.
If Mitigated
Limited impact if proper network segmentation, WAF filtering, and least privilege controls are implemented.
🎯 Exploit Status
The vulnerability is trivial to exploit with a simple HTTP POST request containing command injection payloads.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms
Restart Required: No
Instructions:
1. Contact AndSoft for patch availability
2. Apply any available security updates
3. Test in a non-production environment first
🔧 Temporary Workarounds
WAF Rule Implementation
Deploy web application firewall rules to block malicious requests containing command injection patterns
Input Validation Filter
Implement input validation to sanitize the 'm' parameter before processing
🧯 If You Can't Patch
- Isolate the e-TMS server in a restricted network segment with no internet access
- Implement strict network access controls and monitor all traffic to the vulnerable endpoint
🔍 How to Verify
Check if Vulnerable:
Check whether the e-TMS version is v25.03 and test with controlled command injection payloads in a safe, isolated environment
Check Version:
Check application interface or configuration files for version information
Verify Fix Applied:
Verify version has been updated beyond v25.03 and test that command injection attempts are blocked
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to '/clt/LOGINFRM_BET.ASP' with shell metacharacters in parameters
- Unexpected system command execution in server logs
Network Indicators:
- HTTP POST requests containing command injection patterns (;, |, &, $, etc.) in the 'm' parameter
SIEM Query:
source="web_server" AND uri="/clt/LOGINFRM_BET.ASP" AND method="POST" AND (param_m CONTAINS ";" OR param_m CONTAINS "|" OR param_m CONTAINS "&")
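The log indicators above turned into a small detector, added here as an example (not code from the advisory or the vendor): it scans a constructed request log for POSTs to the endpoint whose 'm' parameter contains shell metacharacters, percent-decoding the value (including double encoding) and matching the path case-insensitively, two things the literal SIEM query above would miss. The log format and field names are assumptions; the sample lines are constructed.

```python
import re
from typing import List, Tuple
from urllib.parse import parse_qs, unquote_plus

TARGET_PATH = "/clt/LOGINFRM_BET.ASP"
# Shell metacharacters from the advisory's indicators, plus backtick and newlines.
SHELL_META = re.compile(r"[;|&$`\r\n]")

# Constructed sample of a reverse-proxy/WAF request log that records the POST body
# (a plain access log does not record bodies; the layout is an assumption).
SAMPLE_LOG = """\
2025-09-24T10:00:01Z 203.0.113.5 POST /clt/LOGINFRM_BET.ASP body=m=12345&user=alice
2025-09-24T10:00:02Z 203.0.113.7 POST /clt/LOGINFRM_BET.ASP body=m=12345%3Bfoo&user=bob
2025-09-24T10:00:03Z 203.0.113.9 POST /clt/loginfrm_bet.asp body=m=12345%257Cfoo
2025-09-24T10:00:04Z 203.0.113.11 GET /clt/LOGINFRM_BET.ASP body=
2025-09-24T10:00:05Z 203.0.113.13 POST /clt/other.asp body=m=1%7Cfoo
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) body=(.*)$")


def fully_decode(value: str, rounds: int = 3) -> str:
    """URL-decode repeatedly (bounded) so %3B and double-encoded %253B both become ';'."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_requests(log_text: str) -> List[Tuple[str, str]]:
    """Return (client_ip, decoded m value) for each POST to the vulnerable endpoint
    whose 'm' parameter contains a shell metacharacter after decoding."""
    hits = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        _ts, ip, method, path, body = match.groups()
        # IIS serves ASP paths case-insensitively, so an exact-case match can be bypassed.
        if method != "POST" or path.lower() != TARGET_PATH.lower():
            continue
        params = parse_qs(body, keep_blank_values=True)  # decodes one level
        for raw in params.get("m", []):
            value = fully_decode(raw)
            if SHELL_META.search(value):
                hits.append((ip, value))
    return hits


if __name__ == "__main__":
    for ip, value in flag_requests(SAMPLE_LOG):
        print(f"ALERT {ip} m={value!r}")
```

Run against the constructed sample, it flags the second and third lines only; the GET and the request to a different path are ignored.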