A critical vulnerability has been identified in AndSoft's e-TMS software, designated CVE-2025-59740. This flaw allows an unauthenticated attacker to remotely execute arbitrary commands on the server, potentially leading to a complete system compromise. Due to its critical severity (CVSS score 9.8) and ease of exploitation, immediate action is required to prevent data theft, service disruption, and further network intrusion.

This is an operating system (OS) command injection vulnerability. An attacker can exploit this flaw by sending a specially crafted POST request to the e-TMS application. The application fails to properly sanitize user-supplied input within this request, allowing the attacker to inject and execute arbitrary OS commands with the privileges of the web server application. Successful exploitation does not require authentication and grants the attacker direct control over the underlying server operating system.

This vulnerability is rated as critical severity with a CVSS score of 9.8. A successful exploit could have a devastating impact on the business. An attacker could gain complete control of the e-TMS server, leading to the theft or modification of sensitive transportation and logistics data, disruption of critical business operations, and financial loss. The compromised server could also be used as a foothold to launch further attacks against the internal network, deploy ransomware, or exfiltrate confidential company and customer information, resulting in significant reputational damage and potential regulatory penalties.

Immediate Action: The primary remediation is to immediately apply the security updates provided by the vendor. Organizations should update AndSoft's e-TMS software to the latest patched version that addresses this vulnerability. After patching, it is crucial to review web server and application access logs for any signs of compromise or exploitation attempts that may have occurred before the patch was applied.

Proactive Monitoring: Implement enhanced monitoring of the affected systems. Security teams should look for suspicious POST requests in web server logs, particularly those containing shell commands (e.g., whoami, wget, curl, nc). Monitor for unexpected processes running on the server, unusual outbound network connections, and any modifications to critical system files.

Compensating Controls: If patching cannot be performed immediately, implement the following compensating controls to reduce risk:

• Deploy a Web Application Firewall (WAF) with rules specifically designed to detect and block OS command injection attack patterns.
• Restrict network access to the e-TMS application, allowing connections only from trusted IP addresses and networks.
• Ensure the application is running with the principle of least privilege to limit the impact of a potential compromise.

Public Exploit Available: false

Due to the critical 9.8 CVSS score, this vulnerability represents a significant and immediate threat to the organization. We strongly recommend that all vulnerable instances of AndSoft's e-TMS be patched immediately, treating this as the highest priority. While it is not yet on the CISA KEV list, its severity makes it a prime target for exploitation. If immediate patching is not feasible, apply the recommended compensating controls without delay and create a definitive plan for patching as soon as possible.