CVE-2025-34143
CRITICAL EPSS 98.0%
Published Jul 22, 202511mo ago · Modified Jun 17, 20261w ago
9.3 CVSS 4.0
Published Jul 22, 2025 11mo ago
Last Modified Jun 17, 2026 1w ago
Description
An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login page to obtain elevated access. Once authenticated, an attacker could achieve remote code execution by modifying Jython scripts within the application. This issue was resolved by introducing stricter validation logic to exclude internal accounts from public authentication workflows in version MP-4583.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X
Threat Intelligence
EPSS Exploit Probability
98.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 3
CWE-269 Improper Privilege Management Authorization
CWE-288
CWE-78 OS Command Injection Injection
References 4
- slcyber.io https://slcyber.io/assetnote-security-research-center/how-we-accidentally-discovered-a-remote-code-execution-vulnerability-in-etq-reliance/
- etq.com https://www.etq.com/blog/etq-reliance-security-update/
- etq.com https://www.etq.com/product-overview/
- vulncheck.com https://www.vulncheck.com/advisories/etq-reliance-cg-authentication-bypass-via-trailing-space-rce
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.