CVE-2025-34140

HIGH EPSS 45.9%

Published Jul 22, 202511mo ago · Modified Jun 17, 20261w ago

8.7 CVSS 4.0

High

Published Jul 22, 2025 11mo ago

Last Modified Jun 17, 2026 1w ago

Description

An authorization bypass vulnerability exists in ETQ Reliance (legacy CG and NXG SaaS platforms). By appending a specific URI suffix to certain API endpoints, an unauthenticated attacker can bypass access control checks and retrieve limited sensitive resources. The root cause was a misconfiguration in API authorization logic, which has since been corrected in SE.2025.1 and 2025.1.2.

CVSS Details

Base Score

8.7

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

45.9% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-639

References 3

etq.com https://www.etq.com/blog/etq-reliance-security-update/
etq.com https://www.etq.com/product-overview/
vulncheck.com https://www.vulncheck.com/advisories/etq-reliance-cg-nxg-api-authorization-bypass-via-localized-text-uri-suffix

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.