CVE-2025-59737

CriticalRCE

Published: 02 October 2025

Published

02 October 2025

Modified

02 October 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0027 49.9th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-59737 is a critical-severity Command Injection (CWE-77) vulnerability in Andsoft E-Tms. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 49.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents OS command injection by validating and sanitizing the unsanitized 'm' parameter in POST requests to '/clt/LOGINFRM_LXA.ASP'.

SI-2 Flaw Remediation good match

prevent

Remediates the specific command injection flaw in e-TMS v25.03 through timely patching as outlined in the INCIBE-CERT advisory.

SC-7 Boundary Protection partial match

preventdetect

Boundary protection with web application firewalls monitors and blocks malicious POST requests exploiting the vulnerable endpoint.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059.003 Windows Command Shell Execution

Adversaries may abuse the Windows command shell for execution.

attack.mitre.org →

Why these techniques?

CVE-2025-59737 is a command injection in a public-facing web endpoint (.ASP suggests Windows), directly enabling T1190 (Exploit Public-Facing Application) for unauthenticated RCE and T1059.003 (Windows Command Shell) for arbitrary OS command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRM_LXA.ASP'.

Deeper analysisAI

CVE-2025-59737 is an operating system command injection vulnerability (CWE-77, CWE-78) affecting AndSoft's e-TMS version 25.03. The flaw resides in the handling of the 'm' parameter within the '/clt/LOGINFRM_LXA.ASP' endpoint, where unsanitized input from a POST request can be executed as operating system commands on the server. Assigned a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), it represents critical risk due to its high impact on confidentiality, integrity, and availability.

The vulnerability can be exploited remotely by unauthenticated attackers over the network with low complexity and no user interaction required. By crafting a malicious POST request targeting the vulnerable parameter, an attacker gains the ability to execute arbitrary operating system commands on the affected server, potentially leading to full system compromise, data exfiltration, persistence, or further lateral movement within the environment.

Mitigation details for CVE-2025-59737 and related vulnerabilities in AndSoft's e-TMS are outlined in the INCIBE-CERT advisory at https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms, published as part of a notice on multiple flaws dated 2024-09-20. Security practitioners should consult this reference for patching instructions and workarounds.