CVE-2025-59749

6.1 MEDIUM

📋 TL;DR

This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03 allows attackers to inject malicious JavaScript via the 'l' parameter of the TRACK_REQUEST.ASP endpoint. When a victim opens a specially crafted URL, the attacker's JavaScript runs in the victim's browser session with the application's origin. Organizations using the vulnerable e-TMS version are affected.

💻 Affected Systems

Products:
  • AndSoft e-TMS
Versions: v25.03
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the default installation. Requires ASP/IIS environment.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, perform actions as authenticated users, redirect to malicious sites, or install malware on client systems.

🟠 Likely Case

Session hijacking, credential theft, or defacement of the application interface through injected content.

🟢 If Mitigated

Limited impact if proper input validation, output encoding, and Content Security Policy are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Reflected XSS typically requires user interaction (clicking malicious link). No authentication needed to trigger the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms

Restart Required: No

Instructions:

1. Contact AndSoft for patch information.
2. Apply the vendor-provided update when available.
3. Test in a non-production environment first.

🔧 Temporary Workarounds

Input Validation Filter (platform: windows)

Validate the 'l' parameter server-side and apply output encoding before it is reflected into the response (see If Mitigated above).

Add input validation in TRACK_REQUEST.ASP for the 'l' parameter.

Web Application Firewall Rule (platform: all)

Block malicious requests containing XSS payloads in the 'l' parameter.

Configure the WAF to filter requests with script tags or JavaScript in URL parameters.

🧯 If You Can't Patch

  • Implement Content Security Policy (CSP) headers to restrict script execution
  • Deploy web application firewall with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

Test by accessing /clt/TRACK_REQUEST.ASP?l=<script>alert('XSS')</script> and checking if script executes

Check Version:

Check application version in interface or configuration files

Verify Fix Applied:

Retest with XSS payloads after applying fixes to confirm they're properly sanitized

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to TRACK_REQUEST.ASP with suspicious 'l' parameter values containing script tags or JavaScript

Network Indicators:

  • Unusual traffic patterns to the vulnerable endpoint with encoded payloads

SIEM Query:

source="web_logs" AND uri="/clt/TRACK_REQUEST.ASP" AND (query CONTAINS "<script>" OR query CONTAINS "javascript:")
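The SIEM query above only matches literal "<script>" or "javascript:" strings, so a URL-encoded or double-encoded 'l' value passes it unnoticed. The following is an added example (not part of the advisory or of the e-TMS product) that applies the same log indicators to constructed IIS W3C-style access-log lines after normalising URL encoding; the field order, sample IPs and sample values are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote

# Pattern covering the indicators named above plus inline event handlers.
SUSPICIOUS = re.compile(r"<\s*script|javascript\s*:|\bon\w+\s*=", re.IGNORECASE)

# Constructed IIS W3C-style lines (fields: date time s-ip cs-method
# cs-uri-stem cs-uri-query s-port c-ip sc-status). Line 3 is URL-encoded,
# line 4 double-encoded: a plain CONTAINS "<script>" rule sees neither.
SAMPLE_LOG = """\
2025-09-24 10:01:02 10.0.0.5 GET /clt/TRACK_REQUEST.ASP l=ABC123 443 198.51.100.7 200
2025-09-24 10:01:09 10.0.0.5 GET /clt/index.asp - 443 198.51.100.7 200
2025-09-24 10:02:15 10.0.0.5 GET /clt/TRACK_REQUEST.ASP l=%3Cscript%3Ealert%281%29%3C%2Fscript%3E 443 203.0.113.9 200
2025-09-24 10:02:40 10.0.0.5 GET /clt/TRACK_REQUEST.ASP l=%253Cscript%253E 443 203.0.113.9 200
2025-09-24 10:03:01 10.0.0.5 GET /clt/track_request.asp l=x%22%20onerror%3Dalert(1) 443 203.0.113.9 200
"""

def decode_fully(value: str, max_rounds: int = 3) -> str:
    """URL-decode repeatedly (bounded) so double-encoded values are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_text: str) -> list[dict]:
    """Return one record per request whose decoded 'l' parameter matches."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 9:
            continue  # header, comment or truncated record
        stem, query, client = fields[4], fields[5], fields[7]
        if stem.lower() != "/clt/track_request.asp" or query == "-":
            continue
        # parse_qs already decodes one layer; decode_fully handles the rest.
        for raw in parse_qs(query, keep_blank_values=True).get("l", []):
            decoded = decode_fully(raw)
            if SUSPICIOUS.search(decoded):
                hits.append({"client": client, "decoded_l": decoded})
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The endpoint comparison is case-insensitive because IIS serves the same ASP file regardless of the casing in the request path.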
