CVE-2025-59745

HIGH

Andsoft E-tms - Broken Cryptographic Algorithm

Title source: rule

Description

Vulnerability in the cryptographic algorithm of AndSoft's e-TMS v25.03, which uses MD5 to encrypt passwords. MD5 is a cryptographically vulnerable hash algorithm and is no longer considered secure for storing or transmitting passwords. It is vulnerable to collision attacks and can be easily cracked with modern hardware, exposing user credentials to potential risks.

References (1)

[Third Party Advisory] https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms

Scores

CVSS v3 7.5

EPSS 0.0003

EPSS Percentile 7.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-327

Status published

Products (1)

andsoft/e-tms 25.03

Published Oct 02, 2025

Tracked Since Feb 18, 2026