A critical command injection vulnerability has been identified in AndSoft's e-TMS software, designated CVE-2025-59739. This flaw allows an unauthenticated attacker to execute arbitrary commands on the server by sending a specially crafted web request. Successful exploitation could lead to a complete system compromise, resulting in data theft, operational disruption, and further network intrusion.

This is an operating system command injection vulnerability. An unauthenticated remote attacker can exploit this flaw by sending a crafted POST request to a vulnerable endpoint of the e-TMS application. The application fails to properly sanitize user-supplied input within this request, allowing the attacker to inject and execute arbitrary OS commands with the privileges of the web server's service account, leading to remote code execution (RCE).

This vulnerability is rated as critical severity with a CVSS score of 9.8. Exploitation could have a severe and direct impact on business operations. A successful attack could lead to the complete compromise of the e-TMS server, enabling an attacker to steal sensitive logistics, financial, and customer data, disrupt supply chain operations by disabling the service, or use the compromised server as a foothold to move laterally across the corporate network. The potential consequences include significant financial loss, reputational damage, operational downtime, and regulatory penalties.

Immediate Action: Immediately apply the security patches provided by AndSoft to update the e-TMS application to the latest, non-vulnerable version. Prioritize patching for all internet-facing systems. After patching, monitor system and application logs for any signs of compromise that may have occurred before the patch was applied.

Proactive Monitoring:

• Web Server Logs: Review access logs for suspicious POST requests, particularly those containing shell commands (e.g., whoami, wget, curl) or special characters used in command injection (|, &, ;, $, `).
• Network Traffic: Monitor for unusual outbound network connections from the e-TMS server, which could indicate data exfiltration or a C2 (Command and Control) channel.
• Host-based Monitoring: Utilize EDR or HIDS to detect anomalous process creation, such as the web server process spawning a shell (e.g., sh, bash, powershell.exe).

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:

• Web Application Firewall (WAF): Deploy a WAF with a strict ruleset designed to detect and block OS command injection patterns in POST requests.
• Network Segmentation: Restrict network access to the vulnerable application, allowing connections only from trusted IP addresses. Isolate the server from other critical internal network segments.
• Principle of Least Privilege: Ensure the service account running the e-TMS application has the minimum permissions necessary for its operation to limit the impact of a potential compromise.

Public Exploit Available: False

This vulnerability represents a critical risk to the organization and requires immediate attention. Due to the CVSS score of 9.8, which indicates a high-impact and easily exploitable flaw, all vulnerable instances of AndSoft e-TMS must be patched immediately, starting with internet-exposed systems. While this CVE is not currently listed on CISA's Known Exploited Vulnerabilities (KEV) catalog, its severity makes it a prime target for future exploitation. Organizations should assume imminent compromise if systems are left unpatched.