CVE-2025-34143

CRITICAL EXPLOITED NUCLEI

ETQ Reliance CG - Auth Bypass

Title source: llm

Description

An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login page to obtain elevated access. Once authenticated, an attacker could achieve remote code execution by modifying Jython scripts within the application. This issue was resolved by introducing stricter validation logic to exclude internal accounts from public authentication workflows in version MP-4583.

Nuclei Templates (1)

ETQ Reliance - Authentication Bypass via Trailing Space

CRITICALVERIFIEDby slcyber,DhiyaneshDK

Shodan: html:"ETQ Reliance"

References (4)

[Various Sources] https://slcyber.io/assetnote-security-research-center/how-we-accidentally-discovered-a-remote-code-execution-vulnerability-in-etq-reliance/

[Various Sources] https://www.etq.com/blog/etq-reliance-security-update/

[Various Sources] https://www.etq.com/product-overview/

[Third Party Advisory] https://www.vulncheck.com/advisories/etq-reliance-cg-authentication-bypass-via-trailing-space-rce

Scores

CVSS v4 9.3

EPSS 0.0188

EPSS Percentile 83.2%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Details

VulnCheck KEV 2025-08-02

CWE

CWE-269 CWE-288 CWE-78

Status published

Products (1)

ETQ/Reliance CG (legacy) < MP-4583

Published Jul 22, 2025

Tracked Since Feb 18, 2026