CVE-2025-59743

9.8 CRITICAL

📋 TL;DR

A critical SQL injection vulnerability in AndSoft's e-TMS v25.03 allows attackers to manipulate database operations by exploiting the 'SessionID' cookie in connection scripts. This affects all systems running the vulnerable version, potentially exposing sensitive data and system integrity.

💻 Affected Systems

Products:
  • AndSoft e-TMS
Versions: v25.03
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the default installation of e-TMS v25.03 when using the vulnerable CONNECTION.ASP script.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise allowing data theft, destruction, or ransomware deployment across the entire e-TMS system.

🟠 Likely Case: Unauthorized data access and manipulation, potentially exposing sensitive business information and user credentials.

🟢 If Mitigated: Limited impact if proper input validation and WAF rules are in place, though risk remains elevated.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only a crafted POST request carrying malicious SQL in the SessionID cookie; no authentication is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v25.04 or later

Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms

Restart Required: Yes

Instructions:

1. Download the latest version from the AndSoft vendor portal.
2. Back up the current installation and database.
3. Install the update following the vendor documentation.
4. Restart the application services.

🔧 Temporary Workarounds

Input Validation Filter (platform: windows)

Add SQL injection filtering for the SessionID cookie value handled by CONNECTION.ASP.

Modify CONNECTION.ASP so that the SessionID value reaches the database only through parameterized queries, never by string concatenation.

WAF Rule Implementation (platform: all)

Block SQL injection patterns in SessionID cookies.

Configure the WAF to inspect cookie values (not only query strings and form bodies) and block requests whose cookies contain SQL patterns.

🧯 If You Can't Patch

  • Implement network segmentation to isolate e-TMS from critical systems
  • Deploy web application firewall with SQL injection detection rules

🔍 How to Verify

Check if Vulnerable:

Test by sending a POST request with a SQL injection payload in the SessionID cookie to /inc/connect/CONNECTION.ASP; only do this against systems you are authorized to test.

Check Version:

Check the application version in the admin interface or in the installation's configuration files.

Verify Fix Applied:

Verify that the version is v25.04 or later and that SQL injection attempts against the SessionID cookie are rejected rather than reaching the database.

📡 Detection & Monitoring

Log Indicators:

  • Unusual database queries from web server
  • Multiple failed login attempts with SQL patterns

Network Indicators:

  • POST requests to CONNECTION.ASP with SQL patterns in cookies
  • Unusual database traffic from web server

SIEM Query:

source="web_logs" AND uri="/inc/connect/CONNECTION.ASP" AND (cookie="*SELECT*" OR cookie="*UNION*" OR cookie="*INSERT*")

Note: the OR terms must be grouped in parentheses; without them, AND binds tighter than OR and the query matches any request whose cookie contains UNION or INSERT, regardless of URI.
