CVE-2025-34143

CRITICAL EXPLOITED NUCLEI

ETQ Reliance CG (legacy) < MP-4583 - Auth Bypass & RCE via SYSTEM Impersonation

Title source: llm

Exploitation Summary

CVE-2025-34143 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.

Description

An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login page to obtain elevated access. Once authenticated, an attacker could achieve remote code execution by modifying Jython scripts within the application. This issue was resolved by introducing stricter validation logic to exclude internal accounts from public authentication workflows in version MP-4583.

Nuclei Templates (1)

ETQ Reliance - Authentication Bypass via Trailing Space

CRITICALVERIFIEDby slcyber,DhiyaneshDK

Shodan: html:"ETQ Reliance"

References (4)

Core 4

Core References

Various Sources product

https://www.etq.com/product-overview/

Various Sources vendor-advisory patch

https://www.etq.com/blog/etq-reliance-security-update/

Various Sources technical-description

https://slcyber.io/assetnote-security-research-center/how-we-accidentally-discovered-a-remote-code-execution-vulnerability-in-etq-reliance/

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/etq-reliance-cg-authentication-bypass-via-trailing-space-rce

Scores

CVSS v4 9.3

EPSS 0.0250

EPSS Percentile 85.7%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

VulnCheck KEV 2025-08-02

CWE

CWE-269 CWE-288 CWE-78

Status published

Products (1)

ETQ/Reliance CG (legacy) < MP-4583

Published Jul 22, 2025

Tracked Since Feb 18, 2026