CVE-2025-59758

6.1 MEDIUM

📋 TL;DR

This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS allows attackers to inject malicious JavaScript via specially crafted URLs in which certain login-form parameters are reflected back into the page. When a victim opens such a link, the attacker's script executes in the victim's browser session. This affects all users of the vulnerable e-TMS web application.

💻 Affected Systems

Products:
  • AndSoft e-TMS
Versions: v25.03
Operating Systems: Windows (ASP-based application)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the login form component at /clt/LOGINFRM_CYLOG.ASP

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, perform actions as authenticated users, redirect to malicious sites, or install malware on client systems.

🟠 Likely Case

Session hijacking, credential theft, or defacement of the application interface through injected content.

🟢 If Mitigated

Limited impact if proper input validation, output encoding, and Content Security Policy are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Reflected XSS typically requires user interaction (clicking a malicious link) but is straightforward to exploit once the vulnerable parameters are identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms

Restart Required: No

Instructions:

1. Contact AndSoft for patch availability.
2. Apply the vendor-provided security update.
3. Test the fix in a non-production environment first.

🔧 Temporary Workarounds

Implement Input Validation and Output Encoding

Platform: windows

Add server-side validation and proper encoding for all user-supplied input in the affected ASP page.

Deploy Web Application Firewall (WAF)

Platform: all

Configure WAF rules to block XSS payloads targeting the vulnerable parameters.

🧯 If You Can't Patch

  • Implement Content Security Policy (CSP) headers to restrict script execution
  • Monitor and filter malicious requests containing XSS payloads in the affected parameters

🔍 How to Verify

Check if Vulnerable:

Test by sending XSS payloads to the /clt/LOGINFRM_CYLOG.ASP endpoint with parameters l, demo, demo2, TNTLOGIN, UO, or SuppConn.

Check Version:

Check the application version in the web interface or in the configuration files.

Verify Fix Applied:

Retest with the same XSS payloads after applying fixes; payloads should be properly sanitized or blocked.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing script tags or JavaScript in the vulnerable parameters
  • Unusual parameter values in login form requests

Network Indicators:

  • URLs containing encoded JavaScript payloads in query parameters
  • Requests to the vulnerable ASP page with suspicious parameter values

SIEM Query:

source="web_server" AND uri="/clt/LOGINFRM_CYLOG.ASP" AND (query="*<script*" OR query="*javascript:*" OR query="*onerror=*" OR query="*onload=*")
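The SIEM query above matches the raw query string, so a URL-encoded payload (`%3Cscript%3E`) slips past it. The following added example (not from the advisory or the vendor) applies the same markers to access-log lines after URL-decoding, restricted to the endpoint and the six parameters named on this page; the log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Endpoint and parameters named in the advisory for CVE-2025-59758.
VULN_PATH = "/clt/LOGINFRM_CYLOG.ASP"
VULN_PARAMS = {"l", "demo", "demo2", "tntlogin", "uo", "suppconn"}

# Same markers as the page's SIEM query, applied after URL-decoding.
XSS_MARKERS = re.compile(r"<script|javascript:|on(?:error|load)\s*=", re.IGNORECASE)

# Minimal parser for common/combined log format: client, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def flag_request(line):
    """Return (client, param, decoded_value) when the line is a request to the
    vulnerable page with an XSS marker in one of the listed parameters, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path.lower() != VULN_PATH.lower():
        return None
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name.lower() not in VULN_PARAMS:
            continue
        for v in values:
            # parse_qs decoded once; decode again so double-encoded payloads are caught too.
            decoded = unquote_plus(unquote_plus(v))
            if XSS_MARKERS.search(decoded):
                return (m.group("client"), name, decoded)
    return None

def scan(lines):
    """Run flag_request over every line and keep the hits."""
    return [hit for hit in map(flag_request, lines) if hit]

# Constructed sample log lines (hypothetical clients, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [24/Sep/2025:10:00:01 +0000] "GET /clt/LOGINFRM_CYLOG.ASP?l=en&demo=0 HTTP/1.1" 200 512',
    '203.0.113.9 - - [24/Sep/2025:10:00:02 +0000] "GET /clt/LOGINFRM_CYLOG.ASP?UO=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 600',
    '203.0.113.9 - - [24/Sep/2025:10:00:03 +0000] "GET /clt/LOGINFRM_CYLOG.ASP?SuppConn=x%2522%2520onerror%253Dalert(1) HTTP/1.1" 200 600',
    '198.51.100.2 - - [24/Sep/2025:10:00:04 +0000] "GET /other.asp?l=%3Cscript%3E HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for client, param, value in scan(SAMPLE_LOG):
        print(f"{client} -> {param}={value!r}")
```

Only the second and third constructed lines are reported; the first carries benign values and the fourth targets a different path.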
