A critical command injection vulnerability, identified as CVE-2025-59737, has been discovered in AndSoft's e-TMS software. This flaw allows an unauthenticated attacker to remotely execute arbitrary commands on the server, potentially leading to a complete system compromise, data theft, and service disruption. Due to its high severity and ease of exploitation, immediate remediation is strongly recommended.

This is an operating system command injection vulnerability. The application fails to properly sanitize user-supplied input that is used to construct a command executed by the underlying operating system. An unauthenticated attacker can exploit this by sending a specially crafted POST request containing malicious commands, which are then executed on the server with the privileges of the web application's user account.

This vulnerability is rated as critical with a CVSS score of 9.8, indicating a high risk to the organization. Successful exploitation could lead to a complete compromise of the affected server, allowing an attacker to steal, modify, or delete sensitive business data, disrupt critical logistics and transportation management operations, and use the compromised server as a pivot point to attack other systems within the internal network. The potential consequences include significant financial loss, reputational damage, and regulatory penalties related to data breaches.

Immediate Action: The primary remediation is to apply the security patch provided by the vendor. Organizations should update AndSoft's e-TMS to the latest secure version immediately. After patching, it is crucial to review server access logs and application logs for any signs of compromise that may have occurred prior to the update.

Proactive Monitoring: Implement enhanced monitoring on affected servers. Security teams should look for suspicious POST requests in web server logs, especially those containing shell command syntax (e.g., |, &&, ;, $(...)). Monitor for unexpected processes being spawned by the e-TMS application, unusual outbound network connections, and any modifications to critical system files.

Compensating Controls: If immediate patching is not feasible, consider implementing the following compensating controls:

• Deploy a Web Application Firewall (WAF) with rules specifically designed to detect and block command injection attempts in POST requests.
• Restrict network access to the e-TMS application, allowing connections only from trusted IP addresses.
• Run the e-TMS service with the lowest possible user privileges to limit the impact of a potential compromise.

Public Exploit Available: False

Given the critical CVSS score of 9.8, this vulnerability poses a severe and immediate threat to the organization. We strongly recommend that all affected instances of AndSoft e-TMS be patched immediately, treating this as a top-priority security task. If patching cannot be performed right away, the compensating controls listed above should be implemented as a matter of urgency to reduce the attack surface. Continuous monitoring for indicators of compromise is essential, as the window for exploitation is likely to be short once a public exploit becomes available.