CVE-2025-59745 Overview
CVE-2025-59745 is a cryptographic weakness in AndSoft's e-TMS v25.03, a transport management system. The application uses the MD5 hash algorithm to protect user passwords. MD5 is a broken cryptographic primitive that is vulnerable to collision attacks and can be brute-forced quickly with commodity GPU hardware. Attackers who obtain stored or transmitted password hashes can recover plaintext credentials and reuse them against the application or related services. The flaw is tracked under CWE-327: Use of a Broken or Risky Cryptographic Algorithm and was published through Spain's INCIBE-CERT advisory program.
Critical Impact
Recovered credentials enable account takeover of e-TMS users and lateral movement into logistics and transport workflows managed by the platform.
Affected Products
- AndSoft e-TMS v25.03
Discovery Timeline
- 2025-10-02 - CVE-2025-59745 published to NVD
- 2025-10-02 - Last updated in NVD database
Technical Details for CVE-2025-59745
Vulnerability Analysis
The e-TMS application stores or transmits user passwords protected only by MD5. MD5 produces a 128-bit digest and has been considered cryptographically broken for password storage for over a decade. Modern GPU rigs compute billions of MD5 hashes per second, allowing offline cracking of common passwords in seconds and complex passwords in hours.
The algorithm also lacks any built-in work factor, salt requirement, or memory hardness. If the e-TMS implementation omits per-user salting, attackers can precompute rainbow tables or apply existing leaked-password databases directly. Recovered credentials feed credential stuffing and account takeover against the e-TMS web interface.
Root Cause
The root cause is the selection of MD5 as the password protection primitive. Secure password storage requires adaptive, salted key-derivation functions such as bcrypt, scrypt, Argon2id, or PBKDF2 with high iteration counts. MD5 was designed as a fast general-purpose hash and is unsuitable for protecting authentication secrets.
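The storage scheme this section calls for, as an added example that is not AndSoft's code: each password gets a random per-user salt and is run through scrypt, and a legacy digest is replaced on the next successful login. It assumes legacy records are unsalted hex MD5 of the UTF-8 password; the record format, cost parameters and function names are illustrative.

```python
import base64
import hashlib
import hmac
import os

# scrypt cost parameters (assumed values for this example; tune to your hardware)
N, R, P, DKLEN = 2**14, 8, 1, 32

def hash_password(password: str) -> str:
    """Return a self-describing record: scrypt$N$r$p$salt$key, salt unique per call."""
    salt = os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)
    enc = lambda b: base64.b64encode(b).decode()
    return f"scrypt${N}${R}${P}${enc(salt)}${enc(key)}"

def verify_password(password: str, stored: str) -> bool:
    """Verify against a scrypt record or a legacy 32-hex MD5 digest (assumed unsalted)."""
    if stored.startswith("scrypt$"):
        _, n, r, p, salt, key = stored.split("$")
        salt, key = base64.b64decode(salt), base64.b64decode(key)
        cand = hashlib.scrypt(password.encode(), salt=salt,
                              n=int(n), r=int(r), p=int(p), dklen=len(key))
        return hmac.compare_digest(cand, key)
    legacy = hashlib.md5(password.encode()).hexdigest()
    return hmac.compare_digest(legacy.encode(), stored.lower().encode())

def login(users: dict, name: str, password: str) -> bool:
    """Check the password and, on success, replace any legacy MD5 record."""
    stored = users.get(name)
    if stored is None or not verify_password(password, stored):
        return False
    if not stored.startswith("scrypt$"):
        users[name] = hash_password(password)  # rehash while the plaintext is available
    return True

if __name__ == "__main__":
    # Constructed sample account holding a legacy MD5 record
    users = {"alice": hashlib.md5(b"Tr4nsport-demo").hexdigest()}
    print(login(users, "alice", "Tr4nsport-demo"), users["alice"][:20])
```

Accounts that never log in keep their MD5 record under this scheme, so the forced password reset listed under Immediate Actions still applies.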
Attack Vector
An attacker first needs access to the MD5 password digests. Access paths include exploitation of a separate database or backup exposure flaw, interception of password material in transit, insider access to storage, or any companion vulnerability that leaks hash values. Once digests are in hand, the attacker runs offline dictionary and brute-force attacks using tools such as hashcat or John the Ripper. Recovered passwords are then replayed against the e-TMS login endpoint over the network.
The vulnerability does not by itself yield code execution or data integrity impact, but it directly undermines the confidentiality of user credentials.
Detection Methods for CVE-2025-59745
Indicators of Compromise
- Password hash strings of exactly 32 hexadecimal characters in e-TMS database tables or backups, indicating raw MD5 storage.
- Authentication logs showing successful logins from unfamiliar geolocations or ASNs shortly after a database, backup, or log exposure incident.
- Repeated failed logins followed by a successful login for the same account, consistent with credential replay after offline cracking.
Detection Strategies
- Inspect the e-TMS user table schema and sample hash values to confirm whether MD5 is in use and whether per-user salts are present.
- Monitor outbound database traffic and backup transfer jobs for anomalous volumes that could indicate hash exfiltration.
- Correlate e-TMS authentication events with threat intelligence on credential stuffing infrastructure.
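One way to run the first check above on an export, as an added example that is not vendor tooling: it classifies each stored value by shape, reports digests shared by several accounts (which cannot happen when every user has a unique salt), and confirms unsalted MD5 against a test account whose password you know. The column names `username` and `password_hash` and the sample rows are constructed assumptions, not the e-TMS schema.

```python
import csv
import hashlib
import io
import re
from collections import Counter, defaultdict

HEX32 = re.compile(r"[0-9a-fA-F]{32}")

def md5_hex(password: str) -> str:
    return hashlib.md5(password.encode()).hexdigest()

# Constructed sample export; column names are assumptions, not the e-TMS schema.
SAMPLE_EXPORT = "username,password_hash\n" + "\n".join([
    f"dispatcher1,{md5_hex('Welcome1')}",
    f"dispatcher2,{md5_hex('Welcome1').upper()}",  # same password, upper-case hex
    f"audit-test,{md5_hex('known-test-password')}",
    "migrated1,$2b$12$" + "x" * 53,                 # bcrypt-shaped placeholder
]) + "\n"

def classify(value: str) -> str:
    """Label a stored value by its shape only."""
    v = value.strip()
    if HEX32.fullmatch(v):
        return "hex32"  # MD5-sized; other 128-bit digests look the same
    if v.startswith(("$2a$", "$2b$", "$2y$")):
        return "bcrypt"
    if v.startswith("$argon2"):
        return "argon2"
    return "other"

def audit(export_text: str, user_col="username", hash_col="password_hash"):
    """Return (count per format, {digest: [users]} for digests used more than once)."""
    kinds, by_digest = Counter(), defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        kind = classify(row[hash_col])
        kinds[kind] += 1
        if kind == "hex32":
            by_digest[row[hash_col].strip().lower()].append(row[user_col])
    shared = {d: users for d, users in by_digest.items() if len(users) > 1}
    return dict(kinds), shared

def is_unsalted_md5(known_password: str, stored: str) -> bool:
    """True if `stored` is exactly MD5(password): confirms MD5 and no salt."""
    return md5_hex(known_password) == stored.strip().lower()

if __name__ == "__main__":
    kinds, shared = audit(SAMPLE_EXPORT)
    print("formats:", kinds, "shared digests:", shared)
```

A 32-hex value alone is only an indicator, because other 128-bit digests have the same shape; the known-password comparison is what confirms the algorithm.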
Monitoring Recommendations
- Enable verbose authentication logging on the e-TMS application and forward events to a centralized SIEM for behavioral analysis.
- Alert on logins outside business hours, from new devices, or from impossible-travel patterns for privileged e-TMS accounts.
- Track password reset and change events to identify reactive activity following a suspected credential leak.
How to Mitigate CVE-2025-59745
Immediate Actions Required
- Contact AndSoft to confirm patch availability and apply any vendor update that replaces MD5 with a modern password hashing function.
- Force a password reset for all e-TMS users and require strong, unique passwords aligned with current NIST SP 800-63B guidance.
- Restrict network exposure of the e-TMS application and its database to trusted management networks only.
- Review and rotate any service or integration credentials that share passwords with e-TMS user accounts.
Patch Information
No vendor advisory URL is published in the NVD record at the time of writing. The vulnerability is documented in the INCIBE-CERT Security Notice for AndSoft e-TMS. Operators should request a fixed build directly from AndSoft and confirm that the replacement implementation uses a salted, adaptive KDF such as Argon2id or bcrypt.
Workarounds
- Enforce multi-factor authentication on all e-TMS accounts so that recovered passwords alone are insufficient for login.
- Place e-TMS behind a reverse proxy or VPN that performs additional authentication and rate limiting on login attempts.
- Encrypt database backups at rest and restrict access to the password column to a minimal set of administrators.
- Deploy account lockout and anomaly-based throttling to slow credential stuffing attempts against the login endpoint.
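# Example: count MD5-style 32-hex password hashes in a database export.
# -o prints each match, -i accepts upper-case hex, and -w requires non-word
# characters (such as CSV delimiters) on both sides, so a hash inside a column
# is counted while longer hex strings are not.
grep -Eoiw '[a-f0-9]{32}' etms_users_export.csv | wc -l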


