Initiativen für
Als nationale Behörde für Cybersicherheit hat das ZCB mehrere Initiativen für bestimmte Zielgruppen entwickelt, die hier vorgestellt werden.
Warning: Remote code execution vulnerability in AndSoft's e-TMS, Patch Immediately!
Image
Veröffentlicht : 03/10/2025
* Last update: 03/10/2025
* Affected software: AndSoft's e-TMS
* Type: Remote code execution
* CVE/CVSS
→ CVE-2025-59735: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Sources
NIST https://nvd.nist.gov/vuln/detail/CVE-2025-59735
Risks
A critical security flaw (CVE-2025-59735) has been found in AndSoft’s e-TMS software that could allow attackers to take full control of affected systems remotely. This means sensitive data could be stolen, operations disrupted, or the system could be used to launch further attacks. There is a high impact on the confidentiality, integrity and availability of the server data.
Description
A vulnerable web application hosting AndSoft's e-TMS can be exploited by a malicious actor to perform remote code execution. The vulnerable web pages are developed in ASP .NET and have a security flaw wherein the "m" parameter is used for sending commands in a POST request.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
This vulnerability is fixed as of version v25.04
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.