CVE-2025-59737 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the se…
Critical CVSS: 9.3

CVE-2025-59737

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRM_LXA.ASP'.
Vendor
Andsoft
Product
E-tms
CWE
CWE-77
Yayın Tarihi
2025-10-02 14:15:46
Güncelleme
2025-10-02 20:13:13
Source Identifier
cve-coordination@incibe.es
KEV Date Added
-

Kategoriler

CWE-77 E-tms CRITICAL Andsoft 2025

Referanslar

https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms