CVE Alert: CVE-2025-59744 – AndSoft – e-TMS
CVE-2025-59744
Path traversal vulnerability in AndSoft’s e-TMS v25.03. This vulnerability allows an attacker to access files only within the web root using the “docurl” parameter in “/lib/asp/DOCSAVEASASP.ASP”.
AI Summary Analysis
Risk verdict
High potential impact if unpatched, due to remote, unauthenticated path traversal; no exploitation observed to date, but patches are available and should be applied promptly.
Why this matters
An attacker could read sensitive files within the web root, risking exposure of configuration, credentials, or personal data. Because the flaw is remotely reachable, it also raises the potential for broader reconnaissance or chained exploitation in exposed environments.
Most likely attack path
Public web access to the affected interface enables sending crafted docurl parameters to trigger file disclosure without authentication or user interaction. Exploitation relies on manipulating the path to traverse within the web root; the attacker gains read access to restricted files, with no privilege escalation required and CVSS scope unchanged, limiting impact to the compromised web tier unless additional flaws exist.
Who is most exposed
Organisations deploying e-TMS in externally reachable web environments (on-premises or hosted) are at greatest risk, particularly where web servers or proxies expose the library path without proper access controls.
Detection ideas
- Web server logs show requests to /lib/asp/DOCSAVEASASP.ASP?docurl= with traversal patterns.
- Attempts to access restricted or sensitive files under the web root (e.g., config or credential files) via docurl parameters.
- Anomalous 403/404 responses to legitimate docroot files after traversal attempts.
- Sudden spikes in parameterised requests from diverse IPs targeting the DOCSAVEASASP.ASP endpoint.
- Scanner or IDS signatures flagging path traversal payloads targeting ASP endpoints.
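As an added example (not code from the advisory or the vendor), the first two detection ideas above applied to constructed web-server log lines: a small Python checker that percent-decodes the docurl parameter, including double-encoded forms, and flags requests to the affected endpoint whose docurl contains a traversal segment. The five-field log layout and all sample entries are assumptions made for the example.

```python
import re
from urllib.parse import parse_qs, unquote

# Constructed sample log lines in an IIS-like "method uri-stem uri-query status client-ip"
# layout; these are made-up entries, not traffic from any real e-TMS deployment.
SAMPLE_LOG = """\
GET /lib/asp/DOCSAVEASASP.ASP docurl=invoices/2025/inv-1001.pdf 200 203.0.113.10
GET /lib/asp/DOCSAVEASASP.ASP docurl=../../web.config 200 198.51.100.7
GET /lib/asp/DOCSAVEASASP.ASP docurl=..%2F..%2Fconfig%2Fdb.ini 200 198.51.100.7
GET /lib/asp/DOCSAVEASASP.ASP docurl=%252e%252e/%252e%252e/global.asa 200 198.51.100.7
GET /lib/asp/other.asp docurl=../x 200 192.0.2.5
GET /index.asp - 200 192.0.2.5
"""

ENDPOINT = "/lib/asp/docsaveasasp.asp"  # compared case-insensitively (IIS paths are)
# A ".." path segment delimited by "/" or "\" (or at the start/end of the value).
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")


def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double encoding (%252e -> %2e -> .) is unwrapped."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal_attempt(uri_stem: str, uri_query: str) -> bool:
    """True when the request hits the affected endpoint with a traversing docurl value."""
    if uri_stem.lower() != ENDPOINT:
        return False
    params = parse_qs(uri_query, keep_blank_values=True)  # parse_qs decodes one layer
    return any(TRAVERSAL.search(decode_fully(raw)) for raw in params.get("docurl", []))


def flag_log(text: str) -> list[dict]:
    """Return one record per suspicious line: client IP, fully decoded docurl, HTTP status."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed layout
        _method, stem, query, status, client = parts
        if is_traversal_attempt(stem, query):
            docurl = parse_qs(query).get("docurl", [""])[0]
            hits.append({"client": client, "docurl": decode_fully(docurl), "status": int(status)})
    return hits


if __name__ == "__main__":
    for hit in flag_log(SAMPLE_LOG):
        print(hit)
```

A 200 status on a flagged line is the stronger signal, since it suggests the traversal was served rather than rejected.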
Mitigation and prioritisation
- Apply patches VNL 25001 and VNL 25010; confirm deployment across all instances.
- Harden web server access: restrict external access to the affected endpoint; enforce least privilege for file reads.
- Deploy a WAF rule to block path traversal patterns and abnormal docurl values.
- Verify file integrity and rotate credentials if any disclosure occurred.
- Update change-management tickets and perform post-patch testing in staging before production rollout.