A critical remote code execution vulnerability, identified as CVE-2025-59738, has been discovered in AndSoft's e-TMS software. This flaw allows an unauthenticated attacker to take complete control of the underlying server by sending a malicious request, posing a severe risk of data theft, service disruption, and further network intrusion. Due to its critical severity (CVSS 9.8), immediate patching is required to mitigate the threat.

This is an operating system (OS) command injection vulnerability. An unauthenticated remote attacker can craft a special POST request containing arbitrary OS commands and send it to an exposed endpoint of the e-TMS application. The application fails to properly sanitize the user-supplied input within this request, causing the commands to be executed on the server with the privileges of the web application's user account, leading to a full system compromise.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation would grant an attacker complete control over the affected server, leading to severe business consequences. These include the theft of sensitive business and customer data, deployment of ransomware, complete disruption of transportation management services, and using the compromised server as a launchpad to attack other systems within the corporate network. The potential for significant financial loss, reputational damage, and operational downtime is extremely high.

Immediate Action: Immediately apply the security update provided by AndSoft to upgrade all instances of e-TMS to the latest, non-vulnerable version. Before and after patching, closely monitor for any signs of compromise by reviewing application and web server access logs for suspicious POST requests or anomalous outbound network activity.

Proactive Monitoring: Implement enhanced logging and monitoring focused on the e-TMS application. Specifically, search for POST requests containing shell metacharacters (e.g., ;, |, &&, $(), `), unexpected child processes spawned by the web server process, and any unusual outbound network connections from the e-TMS server. Intrusion Detection/Prevention Systems (IDS/IPS) should be updated with signatures to detect command injection attempts.

Compensating Controls: If immediate patching is not feasible, deploy a Web Application Firewall (WAF) with strict rules to inspect and block malicious POST requests targeting the application. Restrict network access to the e-TMS web interface, permitting connections only from trusted IP addresses. Egress filtering should also be implemented on the server's firewall to block unauthorized outbound connections.

Public Exploit Available: False

This vulnerability represents a critical and immediate threat to the organization. We strongly recommend that all affected AndSoft e-TMS instances be patched immediately, treating this as an emergency change. Although this CVE is not currently on the CISA Known Exploited Vulnerabilities (KEV) catalog, its high CVSS score and the ease of exploitation make it a prime candidate for future inclusion and widespread attacks. Proactive patching and vigilant monitoring are the most effective measures to prevent a compromise.