CVE Alert: CVE-2025-59745 – AndSoft – e-TMS
CVE-2025-59745
Vulnerability in the cryptographic algorithm of AndSoft’s e-TMS v25.03, which uses MD5 to hash passwords. MD5 is a cryptographically vulnerable hash algorithm and is no longer considered secure for storing or transmitting passwords. It is vulnerable to collision attacks and can be easily cracked with modern hardware, exposing user credentials to potential risks.
AI Summary Analysis
Risk verdict
Moderate risk with remote exploitation potential; a patch is available but there is no confirmed active exploitation.
Why this matters
MD5 remains cryptographically weak for password storage, enabling offline cracking if password hashes are exposed. A network-facing, unauthenticated pathway increases the chance of credential exposure and potential account compromise, with possible lateral movement if credentials are reused.
Most likely attack path
Attackers can reach the service over the network and attempt to obtain or leverage password hashes exposed by the authentication flow or data stores. No privileges or user interaction are required, and the vulnerability’s low complexity facilitates opportunistic attempts; once hashes are cracked, accounts may be exploited with scope remaining within the compromised service unless further controls exist.
Who is most exposed
Organisations running older, unpatched deployments (on-premises or in legacy environments) that store passwords using MD5 are at higher risk; look for legacy upgrade cycles and backups containing unsalted MD5 hashes.
Detection ideas
- DB: look for password hashes stored as 32-character MD5 values in databases/backups.
- Unusual login spikes from external IPs or repeated failed logins on the authentication endpoint.
- Increased CPU usage on authentication servers suggesting hash-cracking attempts.
- Anomalous password reset or account creation activity following credential access events.
- Logs showing MD5 usage in authentication/configuration files.
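One way to run the first check above against a database or backup export, as an added example that is not code from this page or from the vendor. The CSV layout, column names and sample values are constructed assumptions; the script flags columns whose values are MD5-shaped and lists accounts that share a digest, which indicates no per-user salt.

```python
import csv
import hashlib
import io
import re
from collections import defaultdict

MD5_HEX = re.compile(r"[0-9a-fA-F]{32}")  # an MD5 digest is 128 bits = 32 hex chars


def _md5(text):
    # Used only to build the constructed sample rows below.
    return hashlib.md5(text.encode(), usedforsecurity=False).hexdigest()


# Constructed sample export; column names and values are assumptions for illustration.
SAMPLE_EXPORT = "\n".join([
    "user_id,login,pwd,last_login",
    f"1,alice,{_md5('sample-one')},2025-03-01",
    f"2,bob,{_md5('sample-two')},2025-03-02",
    f"3,carol,{_md5('sample-one')},2025-03-04",
    f"4,dave,{_md5('sample-three').upper()},2025-03-05",
]) + "\n"


def audit_export(csv_text, threshold=0.9):
    """Return {column: {"ratio": float, "shared": [[row ids], ...]}} for columns
    whose non-empty values are mostly 32-hex-character strings."""
    reader = csv.DictReader(io.StringIO(csv_text))
    rows, findings = list(reader), {}
    for col in reader.fieldnames or []:
        id_col = reader.fieldnames[0]  # assumption: first column identifies the row
        values = [(r[id_col], r[col].strip()) for r in rows if r[col] and r[col].strip()]
        hits = [(rid, v.lower()) for rid, v in values if MD5_HEX.fullmatch(v)]
        ratio = len(hits) / len(values) if values else 0.0
        if ratio < threshold:
            continue
        by_digest = defaultdict(list)
        for rid, digest in hits:
            by_digest[digest].append(rid)
        # Identical digests across accounts mean no per-user salt was applied.
        shared = sorted(ids for ids in by_digest.values() if len(ids) > 1)
        findings[col] = {"ratio": ratio, "shared": shared}
    return findings


if __name__ == "__main__":
    for col, info in audit_export(SAMPLE_EXPORT).items():
        print(col, f"{info['ratio']:.0%} MD5-shaped;", "shared digests:", info["shared"])
```

A 32-hex-character value is not necessarily MD5 (other 128-bit identifiers and digests have the same shape), so treat a flagged column as a lead to confirm against the application's hashing code or configuration.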
Mitigation and prioritisation
- Apply vendor patches to implement VNL 25001 or VNL 25010; treat as priority 2.
- Replace MD5-based password hashing with a modern algorithm (bcrypt/Argon2) with unique salts; enforce strong password policies.
- Enable MFA and tighten authentication controls; restrict exposed endpoints to trusted networks.
- Rotate affected credentials and mandate a post-patch password change for users.
- Strengthen monitoring and ensure patch verification and change-management documentation.