A critical SQL injection vulnerability, identified as CVE-2025-59743, has been discovered in AndSoft's e-TMS software. This flaw allows an unauthenticated remote attacker to gain complete control over the application's database, enabling them to steal, modify, or delete sensitive business data. Due to the high severity (CVSS 9.8), immediate remediation is required to prevent significant data breaches and operational disruption.

This is an unauthenticated SQL injection vulnerability. The application fails to properly sanitize user-supplied input within a POST request, allowing a remote attacker to inject malicious SQL commands. By sending a specially crafted POST request to a vulnerable endpoint, an attacker can execute arbitrary queries on the backend database, bypassing all authentication and authorization controls to retrieve, create, update, and delete database content.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could lead to a complete compromise of the application's database, resulting in severe business consequences. These include the theft of sensitive corporate and customer data, disruption of critical transportation and logistics operations managed by the e-TMS software, significant reputational damage, and potential regulatory fines. The ability for an attacker to alter or delete data threatens the integrity and availability of essential business functions.

Immediate Action: Organizations must immediately update affected instances of AndSoft e-TMS to the latest patched version as recommended by the vendor. Prioritize patching for all internet-facing systems. After patching, review access logs for any signs of compromise that may have occurred before the update was applied.

Proactive Monitoring: Monitor web application firewall (WAF), web server, and application logs for suspicious POST requests containing SQL keywords (e.g., UNION, SELECT, --, 'or 1=1'). Watch for unusual outbound network traffic from the database server, which could indicate data exfiltration. Implement alerts for high-volume or abnormal database query patterns.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with strict rules to detect and block SQL injection attack patterns in POST requests. Restrict access to the application to trusted IP ranges and enforce the principle of least privilege for the database user account connected to the application to limit the scope of potential damage.

Public Exploit Available: false

This vulnerability presents a critical and immediate risk to the organization. Although CVE-2025-59743 is not yet on the CISA KEV list, its 9.8 CVSS score signifies maximum impact and ease of exploitation, making it an attractive target for attackers. We strongly recommend that immediate action is taken to apply the vendor-supplied patch to all affected systems. If patching is delayed, the compensating controls outlined above must be implemented without delay to mitigate the risk of a severe data breach.