CVE-2025-59752

6.1 MEDIUM

📋 TL;DR

This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS lets an attacker inject JavaScript into the login page through crafted URLs. A victim who opens such a link runs the script in the context of the e-TMS site, so the attacker can steal session cookies (unless the cookie is flagged HttpOnly), redirect the user, or perform actions on their behalf. Organizations running e-TMS v25.03 with an internet-facing login page are primarily affected.

💻 Affected Systems

Products:
  • AndSoft e-TMS
Versions: v25.03
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the login form component accessible via '/clt/LOGINFRM_LXA.ASP' with specific parameters.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers steal administrator session cookies, gain full system access, compromise sensitive data, and pivot to internal networks.

🟠

Likely Case

Session hijacking leading to unauthorized access, data theft, or defacement of the application interface.

🟢

If Mitigated

With output encoding applied on the login page the injection is neutralized; where only a WAF or CSP is in place, residual risk is a filter bypass, which in practice means minor data leakage or temporary disruption.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Reflected XSS requires user interaction (the victim must open a crafted link), but the payload is trivial to craft once the parameter names are known, and no credentials are needed because the injection point is the login form itself.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms

Restart Required: No

Instructions:

1. Contact AndSoft vendor for security updates.
2. Apply any available patches for e-TMS v25.03.
3. Test in staging environment before production deployment.

🔧 Temporary Workarounds

Input Validation Filter

windows

Validate the 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO' and 'SuppConn' parameters server-side and, more importantly, HTML-encode each value wherever the login page writes it back into the response (in classic ASP, Server.HTMLEncode). Output encoding is the actual fix; input filtering on its own is bypassable.

ASP code modifications required - no single command

Web Application Firewall (WAF) Rules

all

Deploy WAF rules to block XSS payloads targeting the vulnerable parameters.

WAF-specific configuration required

🧯 If You Can't Patch

  • Add a Content Security Policy (CSP) header that forbids inline script (a script-src directive without 'unsafe-inline'); this stops the reflected payload from executing, but classic ASP pages often rely on inline scripts, so roll it out as Content-Security-Policy-Report-Only first and test the login flow before enforcing it
  • Restrict access to '/clt/LOGINFRM_LXA.ASP' at the network edge (VPN or allow-listed source ranges); since this is the login page, blocking it outright also removes remote access for legitimate users

🔍 How to Verify

Check if Vulnerable:

In an environment you are authorized to test, send a harmless marker (a bogus tag such as "><xssTEST>, not a live alert() payload) in each listed parameter of '/clt/LOGINFRM_LXA.ASP' and inspect the raw HTTP response rather than the rendered page: if the marker comes back with '<' and '>' intact, the page is vulnerable; if it comes back as '&lt;' and '&gt;', output encoding is in place.

Check Version:

Check application interface or configuration files for e-TMS version information

Verify Fix Applied:

Re-test with the same markers after the fix; they should come back HTML-encoded (or the request should be blocked), and the browser must not render them as markup.
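The "Check if Vulnerable" and "Verify Fix Applied" steps above, as an added example (not AndSoft's code): it builds one probe URL per listed parameter, sends a harmless canary instead of a script, and classifies the raw response as unencoded (vulnerable), encoded (fixed), stripped (a filter is active) or absent (blocked or not reflected). The path and parameter names come from this advisory; the canary format and the fake server fixture are assumptions made for the example, and the HTTP fetch is passed in as a callable so the block runs offline.

```python
"""Offline reflection checker for the e-TMS login form (CVE-2025-59752).

Added example, not AndSoft's code. LOGIN_PATH and VULN_PARAMS come from the
advisory text; the canary format and fake_server are assumptions made for
the example. Network I/O is delegated to a fetch(url) -> body callable so
the classifier runs offline against saved or constructed responses.
"""
import html
from urllib.parse import parse_qs, urlencode, urlparse

LOGIN_PATH = "/clt/LOGINFRM_LXA.ASP"
VULN_PARAMS = ("l", "demo", "demo2", "TNTLOGIN", "UO", "SuppConn")


def canary_for(token="c4n4ry"):
    """Harmless marker: breaks out of a quoted attribute and opens a bogus
    tag. It contains no script, so a raw reflection proves the bug without
    executing anything in a tester's browser."""
    return f'"><xss{token}>'


def build_probe(base_url, param, canary):
    """URL that places the canary in exactly one parameter."""
    return f"{base_url.rstrip('/')}{LOGIN_PATH}?{urlencode({param: canary})}"


def classify_reflection(body, token="c4n4ry"):
    """Verdicts:
    unencoded -> '<xss...>' came back verbatim: vulnerable
    encoded   -> came back as '&lt;xss...&gt;': output encoding in place
    stripped  -> token survived but the tag did not: a filter is active,
                 re-test it with other payload shapes
    absent    -> not reflected, or the request was blocked (e.g. by a WAF)
    """
    tag = f"<xss{token}>"
    if tag in body:
        return "unencoded"
    encoded_forms = (html.escape(tag), f"&#60;xss{token}&#62;", f"&#x3c;xss{token}&#x3e;")
    if any(form in body.lower() for form in encoded_forms):
        return "encoded"
    if f"xss{token}" in body:
        return "stripped"
    return "absent"


def audit(fetch, base_url, params=VULN_PARAMS, token="c4n4ry"):
    """Probe each parameter separately; returns {param: verdict}."""
    canary = canary_for(token)
    return {p: classify_reflection(fetch(build_probe(base_url, p, canary)), token)
            for p in params}


def is_vulnerable(results):
    return any(v == "unencoded" for v in results.values())


# Constructed stand-in for a server (an assumption for the example, not
# e-TMS behaviour): reflects 'l' raw, HTML-encodes 'UO', ignores the rest.
def fake_server(url):
    qs = parse_qs(urlparse(url).query)
    if "l" in qs:
        return f'<input name="l" value="{qs["l"][0]}">'
    if "UO" in qs:
        return f'<input name="UO" value="{html.escape(qs["UO"][0], quote=True)}">'
    return "<html><body><form>login</form></body></html>"


if __name__ == "__main__":
    results = audit(fake_server, "https://tms.example")
    for param, verdict in results.items():
        print(f"{param:9s} {verdict}")
    print("VULNERABLE" if is_vulnerable(results) else "no unencoded reflection")
```

For a live check against a system you are authorized to test, replace fake_server with a real fetcher such as `lambda url: urllib.request.urlopen(url, timeout=10).read().decode(errors="replace")`; keep the canary harmless so the check itself never runs script in anyone's browser.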

📡 Detection & Monitoring

Log Indicators:

  • Requests to '/clt/LOGINFRM_LXA.ASP' whose query string carries tag characters, 'javascript:' or on*= event handlers in the listed parameters; in IIS logs these normally appear percent-encoded (%3Cscript%3E) and sometimes double-encoded (%253Cscript%253E)

Network Indicators:

  • HTTP requests with XSS patterns (plain or percent-encoded) in query parameters to the login page; note that in a successful attack the request carrying the payload comes from the victim's browser, not the attacker's address, so do not rely on source IP alone

SIEM Query:

source="web_server" AND uri="/clt/LOGINFRM_LXA.ASP" AND (query CONTAINS "<script" OR query CONTAINS "%3Cscript" OR query CONTAINS "javascript:" OR query CONTAINS "javascript%3A" OR query CONTAINS "onerror=" OR query CONTAINS "onerror%3D")

Web-server logs store the query string as it arrived, so a match on the literal "<script>" alone misses the percent-encoded form most clients send; match both forms or decode the field first, and compare the path case-insensitively since IIS does.
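The log indicators and SIEM query above, as an added example of detection logic (not vendor or SIEM code): it parses IIS W3C-format lines using the '#Fields:' header, keeps only requests to the advisory's path, percent-decodes each query value repeatedly to catch double encoding, and flags values that look like markup or script injection rather than only the literal "<script>". The log lines are constructed for the example and use documentation address ranges.

```python
"""Log-side detection of XSS probes against the e-TMS login page (CVE-2025-59752).

Added example, not vendor or SIEM code. Parses IIS W3C log lines (the
'#Fields:' header drives the column mapping), keeps requests to the
advisory's path, URL-decodes every query value repeatedly (double encoding
is a common filter bypass) and flags values that look like markup or script
injection. SAMPLE_LOG is constructed for this example.
"""
import re
from urllib.parse import parse_qsl, unquote_plus

TARGET_PATH = "/clt/LOGINFRM_LXA.ASP"   # compared case-insensitively, as IIS does

# Wider than the literal "<script>": any tag opener, javascript: URLs, on*= handlers.
XSS_PATTERN = re.compile(r"<\s*/?[a-z!]|javascript\s*:|\bon[a-z]+\s*=", re.I)

# Constructed sample log (not real traffic); fields follow the IIS W3C format.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2025-09-25 10:01:02 203.0.113.5 GET /clt/LOGINFRM_LXA.ASP l=%22%3E%3Cscript%3Ealert(1)%3C/script%3E 200
2025-09-25 10:01:09 203.0.113.5 GET /clt/loginfrm_lxa.asp UO=%2522%253E%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E 200
2025-09-25 10:02:00 198.51.100.7 GET /clt/LOGINFRM_LXA.ASP l=alice&demo=1 200
2025-09-25 10:02:30 198.51.100.7 GET /clt/other.asp l=%3Cscript%3E 200
2025-09-25 10:03:00 203.0.113.5 GET /clt/LOGINFRM_LXA.ASP SuppConn=javascript%3Aalert(document.cookie) 302
"""


def deep_decode(value, rounds=3):
    """Percent-decode until the value stops changing (bounded to avoid loops)."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def iter_records(log_text):
    """Yield one dict per data line, keyed by the names in the last #Fields header."""
    fields = None
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):
                yield dict(zip(fields, parts))


def find_xss_probes(log_text, path=TARGET_PATH):
    """Return one hit per (request, parameter) whose decoded value matches."""
    hits = []
    for rec in iter_records(log_text):
        if rec.get("cs-uri-stem", "").lower() != path.lower():
            continue
        query = rec.get("cs-uri-query", "-")
        if query == "-":          # IIS writes '-' for an empty query string
            continue
        for name, raw in parse_qsl(query, keep_blank_values=True):
            value = deep_decode(raw)   # parse_qsl decoded once; peel further layers
            if XSS_PATTERN.search(value):
                hits.append({
                    "time": f"{rec['date']} {rec['time']}",
                    "client": rec.get("c-ip"),
                    "param": name,
                    "value": value,
                    "status": rec.get("sc-status"),
                })
    return hits


if __name__ == "__main__":
    for hit in find_xss_probes(SAMPLE_LOG):
        print(f"{hit['time']} {hit['client']} {hit['param']}={hit['value']!r} ({hit['status']})")
```

The double-encoded 'UO' line is the case the original query would miss: the raw log field contains neither "<script" nor "%3C", only "%253C", so decoding before matching is what surfaces it.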
