CVE Alert: CVE-2025-59745 - AndSoft - e-TMS

CVE-2025-59745

UnknownNo exploitation known

Vulnerability in the cryptographic algorithm of AndSoft’s e-TMS v25.03, which uses MD5 to encrypt passwords. MD5 is a cryptographically vulnerable hash algorithm and is no longer considered secure for storing or transmitting passwords. It is vulnerable to collision attacks and can be easily cracked with modern hardware, exposing user credentials to potential risks.

CVSS v3.1 not provided

Vendor

AndSoft

Product

e-TMS

Versions

v25.03 version

CWE

CWE-327, CWE-327 Use of a Broken or Risky Cryptographic Algorithm

Vector

n a

Published

2025-10-02T14:18:52.916Z

Updated

2025-10-02T15:46:49.054Z

References

https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms

AI Summary Analysis

Risk verdict

Moderate risk with remote exploitation potential; a patch is available but there is no confirmed active exploitation.

Why this matters

MD5 remains cryptographically weak for password storage, enabling offline cracking if password hashes are exposed. A network-facing, unauthenticated pathway increases the chance of credential exposure and potential account compromise, with possible lateral movement if credentials are reused.

Most likely attack path

Attackers can reach the service over the network and attempt to obtain or leverage password hashes exposed by the authentication flow or data stores. No privileges or user interaction are required, and the vulnerability’s low complexity facilitates opportunistic attempts; once hashes are cracked, accounts may be exploited with scope remaining within the compromised service unless further controls exist.

Who is most exposed

organisations running older, unpatched deployments (on-premises or in legacy environments) that store passwords using MD5 are at higher risk; look for legacy upgrade cycles and backups containing unsalted MD5 hashes.

Detection ideas

OdB: look for password hashes stored as 32-character MD5 values in databases/backups.
Unusual login spikes from external IPs or repeated failed logins on the authentication endpoint.
Increased CPU usage on authentication servers suggesting hash-cracking attempts.
Anomalous password reset or account creation activity following credential access events.
Logs showing MD5 usage in authentication/configuration files.

Mitigation and prioritisation

Apply vendor patches to implement VNL 25001 or VNL 25010; treat as priority 2.
Replace MD5-based password hashing with a modern algorithm (bcrypt/Argon2) with unique salts; enforce strong password policies.
Enable MFA and tighten authentication controls; restrict exposed endpoints to trusted networks.
Rotate affected credentials and mandate a post-patch password change for users.
Strengthen monitoring and ensure patch verification and change-management documentation.

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee

Patreon

To keep up to date follow us on the below channels.

Tags: andsoft, CVE, cve-2025-59745, e-tms, OSINT, threatintel