CVE-2025-59770

6.1 MEDIUM

📋 TL;DR

This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS allows attackers to inject malicious JavaScript via specially crafted URLs. When victims click these links, the attacker can steal session cookies, redirect users, or perform actions on their behalf. Organizations using e-TMS v25.03 with internet-facing login pages are affected.

💻 Affected Systems

Products:
  • AndSoft e-TMS
Versions: v25.03
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the default login form at /clt/LOGINFRM_MON.ASP affecting parameters: l, demo, demo2, TNTLOGIN, UO, SuppConn


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers steal administrator session cookies, gain full system access, compromise sensitive data, and pivot to internal networks.

🟠 Likely Case

Session hijacking leading to unauthorized access, data theft, and potential privilege escalation within the e-TMS application.

🟢 If Mitigated

Limited to session token theft if proper input validation and output encoding are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Reflected XSS requires user interaction, but it is trivial to exploit via phishing or malicious links.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to version beyond v25.03

Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms

Restart Required: Yes

Instructions:

1. Contact AndSoft for the updated version.
2. Back up the current installation.
3. Apply the vendor-provided patch.
4. Restart application services.
5. Verify that the fix is in place.

🔧 Temporary Workarounds

Input Validation Filter (platform: windows)

Implement server-side input validation for the vulnerable parameters.

Add parameter sanitization in LOGINFRM_MON.ASP before processing.

Web Application Firewall Rule (platform: all)

Block malicious XSS payloads targeting the login form.

WAF rule: deny requests containing <script> tags in the l, demo, demo2, TNTLOGIN, UO, SuppConn parameters.
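The two workarounds above, an allowlist check on the six reflected parameters plus encoding at the point where a value is written into the login form, as an added Python example. It is not AndSoft's code (LOGINFRM_MON.ASP is classic ASP, which this sketch only stands in for) and the allowlist patterns are assumptions chosen for the example; the vendor's real parameter formats are not given in this advisory. The point it shows is that validation alone is a stopgap, while output encoding closes the reflection regardless of what the filter lets through.

```python
import html
import re
from urllib.parse import parse_qs

# The six query parameters the advisory says LOGINFRM_MON.ASP reflects.
REFLECTED_PARAMS = ("l", "demo", "demo2", "TNTLOGIN", "UO", "SuppConn")

# Allowlist per parameter. These patterns are assumptions for the example
# (a login name, two demo flags, short identifiers); the real formats come
# from AndSoft's own documentation, not from this advisory.
PARAM_PATTERNS = {
    "l": re.compile(r"[A-Za-z0-9._@-]{0,64}"),
    "demo": re.compile(r"[01]?"),
    "demo2": re.compile(r"[01]?"),
    "TNTLOGIN": re.compile(r"[A-Za-z0-9._@-]{0,64}"),
    "UO": re.compile(r"[A-Za-z0-9_-]{0,32}"),
    "SuppConn": re.compile(r"[A-Za-z0-9_-]{0,32}"),
}


def validate_params(query: str) -> dict:
    """Server-side validation step: every reflected parameter must fully
    match its allowlist pattern; anything else is replaced by an empty
    string instead of being echoed back into the page."""
    raw = parse_qs(query, keep_blank_values=True)   # also URL-decodes once
    clean = {}
    for name in REFLECTED_PARAMS:
        value = raw.get(name, [""])[0]
        clean[name] = value if PARAM_PATTERNS[name].fullmatch(value) else ""
    return clean


def render_login_vulnerable(params: dict) -> str:
    """The pattern behind the CVE: the value lands in the HTML unencoded, so
    a quote in the input closes the attribute and the rest becomes markup."""
    return '<input name="l" value="%s">' % params.get("l", "")


def render_login_hardened(params: dict) -> str:
    """Output encoding at the point of reflection. quote=True also encodes
    the double quote, so the value can never leave the attribute."""
    return '<input name="l" value="%s">' % html.escape(params.get("l", ""), quote=True)


if __name__ == "__main__":
    # Constructed input using the probe string from the advisory's verification step.
    probe = 'l="><script>alert(1)</script>&demo=1'
    raw = {k: v[0] for k, v in parse_qs(probe, keep_blank_values=True).items()}
    print(render_login_vulnerable(raw))   # markup survives intact
    print(render_login_hardened(raw))     # value is printed as &quot;&gt;&lt;script&gt;...
    print(validate_params(probe))         # {'l': '', 'demo': '1', ...}
```

Keep both layers: the allowlist rejects obviously malformed values early, and the encoder guarantees that whatever does reach the template is rendered as text rather than markup.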

🧯 If You Can't Patch

  • Implement Content Security Policy (CSP) headers to restrict script execution
  • Deploy web application firewall with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

Test by injecting <script>alert('XSS')</script> into vulnerable parameters via URL

Check Version:

Check application version in admin interface or configuration files

Verify Fix Applied:

Attempt XSS payload injection; verify script doesn't execute and input is properly sanitized

📡 Detection & Monitoring

Log Indicators:

  • Unusual parameter values in access logs
  • Multiple failed login attempts with script-like parameters

Network Indicators:

  • HTTP requests containing script tags in URL parameters
  • Suspicious referrer URLs

SIEM Query:

source="web_logs" AND (url="*<script>*" OR param="*javascript:*")
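The log indicators above, as an added Python detection routine run over constructed Common Log Format lines (it is not part of the advisory or of any AndSoft tooling, and the log format, the sample lines and the extra markers are assumptions). It scopes to requests for /clt/LOGINFRM_MON.ASP and the six listed parameters, and it URL-decodes values repeatedly before matching, which is the one check the SIEM query above lacks: a pattern on the literal string `<script>` does not match the `%3Cscript%3E` form that actually appears in an access log.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

LOGIN_PATH = "/clt/LOGINFRM_MON.ASP"
WATCHED_PARAMS = {"l", "demo", "demo2", "TNTLOGIN", "UO", "SuppConn"}

# Markers from the advisory's SIEM query; matched after decoding and lowercasing.
XSS_MARKERS = ("<script", "javascript:")

# Common Log Format; the request target is what we inspect.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
LOG_LINES = [
    '203.0.113.5 - - [24/Sep/2025:10:01:02 +0200] "GET /clt/LOGINFRM_MON.ASP?l=jsmith&demo=0 HTTP/1.1" 200 4521',
    '203.0.113.9 - - [24/Sep/2025:10:01:07 +0200] "GET /clt/LOGINFRM_MON.ASP?l=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 4600',
    '203.0.113.9 - - [24/Sep/2025:10:01:09 +0200] "GET /clt/loginfrm_mon.asp?UO=%253Cscript%253E HTTP/1.1" 200 4600',
    '203.0.113.9 - - [24/Sep/2025:10:01:11 +0200] "GET /clt/LOGINFRM_MON.ASP?demo=javascript%3Aalert(1) HTTP/1.1" 200 4600',
    '198.51.100.2 - - [24/Sep/2025:10:02:00 +0200] "GET /clt/other.asp?l=%3Cscript%3E HTTP/1.1" 404 120',
]


def fully_decode(value: str, rounds: int = 3) -> str:
    """URL-decode until the value stops changing, so double-encoded
    payloads are compared in the same form as plain ones."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_xss_attempts(lines):
    """Return one record per watched parameter whose decoded value carries
    an XSS marker on a request to the login form."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path.lower() != LOGIN_PATH.lower():   # IIS paths are case-insensitive
            continue
        # parse_qs decodes once; fully_decode handles any further layers.
        for name, values in parse_qs(parts.query, keep_blank_values=True).items():
            if name not in WATCHED_PARAMS:
                continue
            for v in values:
                decoded = fully_decode(v).lower()
                if any(marker in decoded for marker in XSS_MARKERS):
                    hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                                 "param": name, "value": decoded})
    return hits


if __name__ == "__main__":
    for hit in find_xss_attempts(LOG_LINES):
        print(hit)
```

The same source IP appearing with several flagged values within seconds is the "multiple attempts with script-like parameters" indicator; grouping the returned records by `ip` gives that count directly.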
