Cyber Posture

CVE-2025-59737

Critical

Published: 02 October 2025

Modified: 02 October 2025
KEV Added:
Patch:
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0029 (51.8th percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

Adversaries may abuse the Windows command shell for execution.

Security Summary

CVE-2025-59737 is an operating system command injection vulnerability (CWE-77, CWE-78) affecting AndSoft's e-TMS version 25.03. The flaw resides in the handling of the 'm' parameter within the '/clt/LOGINFRM_LXA.ASP' endpoint, where unsanitized input from a POST request can be executed as operating system commands on the server. Assigned a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), it represents critical risk due to its high impact on confidentiality, integrity, and availability.

The vulnerability can be exploited remotely by unauthenticated attackers over the network with low complexity and no user interaction required. By crafting a malicious POST request targeting the vulnerable parameter, an attacker gains the ability to execute arbitrary operating system commands on the affected server, potentially leading to full system compromise, data exfiltration, persistence, or further lateral movement within the environment.

Mitigation details for CVE-2025-59737 and related vulnerabilities in AndSoft's e-TMS are outlined in the INCIBE-CERT advisory at https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms, published as part of a notice on multiple flaws dated 2024-09-20. Security practitioners should consult this reference for patching instructions and workarounds.

Details

CWE(s)
CWE-77, CWE-78

Affected Products

andsoft / e-tms / 25.03

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.003 Windows Command Shell (Execution)
Adversaries may abuse the Windows command shell for execution.
Why these techniques?

CVE-2025-59737 is a command injection in a public-facing web endpoint (the .ASP extension suggests a Windows host), which maps directly to T1190 (Exploit Public-Facing Application) for unauthenticated remote code execution and to T1059.003 (Windows Command Shell) for the resulting arbitrary OS command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
