A critical remote code execution vulnerability, identified as CVE-2025-59736, has been discovered in AndSoft's e-TMS software. This flaw allows an unauthenticated attacker to take full control of the underlying server by sending a specially crafted request, posing a severe risk to data confidentiality, integrity, and system availability. Immediate patching is required to mitigate the risk of a complete system compromise.

This is an operating system command injection vulnerability. An unauthenticated remote attacker can inject and execute arbitrary OS commands by sending a malicious POST request to a vulnerable component of the e-TMS application. The application fails to properly sanitize user-supplied input, allowing the commands to be passed directly to the server's operating system and executed with the privileges of the web service account.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation would grant an attacker complete control over the affected server, leading to severe business consequences. These include the theft or modification of sensitive transportation and logistics data, deployment of ransomware, disruption of critical business operations reliant on the e-TMS platform, and using the compromised server as a pivot point to launch further attacks against the internal network. The potential for data exfiltration, financial loss, and reputational damage is extremely high.

Immediate Action: Immediately update all instances of AndSoft's e-TMS to the latest patched version as recommended by the vendor. Prioritize patching for systems that are exposed to the internet. After patching, review access logs and system logs for any signs of compromise that may have occurred before the update was applied.

Proactive Monitoring: Implement enhanced monitoring on affected systems. Security teams should look for suspicious POST requests in web server access logs, unexpected processes being spawned by the web server user (e.g., sh, bash, powershell), and unusual outbound network connections from the e-TMS server. Monitor for file modifications in the web root directory and temporary directories.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with strict rules designed to block OS command injection patterns (e.g., semicolons, pipe characters, &&). Restrict network access to the application to only trusted IP addresses and consider isolating the server from other critical network segments to limit the potential impact of a compromise.

Public Exploit Available: False

Given the critical CVSS score of 9.8, this vulnerability represents a significant and immediate threat to the organization. We strongly recommend that all affected AndSoft e-TMS instances are patched immediately, without delay. Although there is no evidence of active exploitation at this time, the high potential for impact makes proactive remediation an urgent priority. All mitigating actions, including patching and monitoring, should be tracked until completion.