A critical operating system command injection vulnerability, identified as CVE-2025-59735, has been discovered in AndSoft's e-TMS software. This flaw allows an unauthenticated attacker to remotely execute arbitrary commands on the server, potentially leading to a complete system compromise. Due to its high severity (CVSS 9.8) and ease of exploitation, this vulnerability poses an immediate and significant risk of data theft, service disruption, and further network intrusion.

The vulnerability is an operating system command injection flaw within the e-TMS application. An attacker can exploit this by sending a specially crafted POST request to a vulnerable endpoint on the server. The application fails to properly sanitize user-supplied input within this request, allowing malicious operating system commands to be embedded and passed directly to the server's command-line interpreter for execution with the privileges of the web application service.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could grant an attacker full control over the affected server, leading to severe business consequences. These include the exfiltration of sensitive transportation, client, or financial data; the deployment of ransomware; complete disruption of logistics and transportation management services; and using the compromised server as a foothold to launch further attacks against the internal network. The potential for reputational damage and financial loss is extremely high.

Immediate Action: The primary remediation is to update AndSoft's e-TMS to the latest version provided by the vendor, which addresses this vulnerability. After patching, verify the update was successful. Concurrently, security teams should monitor for any exploitation attempts by reviewing web server access logs for suspicious POST requests, especially those directed at unknown or unusual endpoints.

Proactive Monitoring: Implement enhanced monitoring on affected systems. Look for unusual patterns in POST requests, such as the inclusion of shell metacharacters (e.g., |, &, ;, $()). Monitor for unexpected outbound network connections from the e-TMS server, which could indicate a reverse shell. System administrators should also watch for unexpected processes being spawned by the web server's user account.

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:

• Deploy a Web Application Firewall (WAF) with strict rules to detect and block command injection attack patterns.
• Restrict network access to the e-TMS application, allowing connections only from trusted IP addresses and internal networks.
• Enhance network segmentation to isolate the e-TMS server from other critical internal systems, limiting the potential impact of a compromise.

Public Exploit Available: false

Given the critical CVSS score of 9.8, this vulnerability represents a significant and immediate risk to the organization. We strongly recommend that organizations using the affected AndSoft e-TMS software prioritize applying the vendor-supplied patch immediately to all vulnerable systems. Although this vulnerability is not currently on the CISA KEV list, its severity makes it a prime candidate for future inclusion. Proactive patching is the most effective defense against potential exploitation.