cbcvebase.
CVE-2025-34143
published 2025-07-22

Priority: P189 | critical | 9.3 (CVSS 4.0)
Tags: ITW | EXPLOIT | VulnCheck KEV
Exploited in the wild
EPSS: 29.64% (98.0th percentile)
An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login page to obtain elevated access. Once authenticated, an attacker could achieve remote code execution by modifying Jython scripts within the application. This issue was resolved by introducing stricter validation logic to exclude internal accounts from public authentication workflows in version MP-4583.

Affected

1 range
Vendor: etq | Product: reliance_cg | Version range: < MP-4583 | Fixed in: MP-4583

Detection & IOCs (extracted from sources)

url: POST /reliance/resources/sessions HTTP/1.1
path: /reliance/resources/sessions
other: username: "SYSTEM " (SYSTEM followed by trailing space)
command: {"username":"SYSTEM ","password":"<any>"}
  • Detect authentication bypass attempts targeting ETQ Reliance by monitoring POST requests to /reliance/resources/sessions with a username value of 'SYSTEM ' (with trailing space) in the JSON body.
  • A successful exploit response will contain both 'statusCode' and 'userId' fields in a JSON (application/json) response body — use these as confirmation matchers.
  • Use Shodan query 'html:"ETQ Reliance"' to identify internet-exposed ETQ Reliance instances potentially vulnerable to this authentication bypass.
  • Post-authentication RCE is achieved by modifying Jython scripts within the application; monitor for unexpected Jython script modifications after SYSTEM account logins.
  • The authentication bypass relies specifically on a trailing space appended to the username 'SYSTEM' (i.e., 'SYSTEM '); the SYSTEM account requires no password, so any password value will succeed.
  • This vulnerability only affects ETQ Reliance on the CG (legacy) platform; non-legacy/CG deployments may not be affected.
  • The issue is fixed in version MP-4583, which introduces stricter validation logic to exclude internal accounts from public authentication workflows.
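
The request and response matchers listed above, applied to logged login exchanges. This is an added example, not code from the vendor or from the sources this page quotes; the event field names (method, path, req_body, resp_content_type, resp_body) are an assumed proxy/WAF log schema and the sample events are constructed.

```python
import json

SESSIONS_PATH = "/reliance/resources/sessions"  # login endpoint named on the page
INTERNAL_USER = "SYSTEM"

def _json_obj(raw):
    """Parse raw text as a JSON object; return {} for anything else."""
    try:
        obj = json.loads(raw)
    except (TypeError, ValueError):
        return {}
    return obj if isinstance(obj, dict) else {}

def classify(event):
    """Return 'none', 'attempt' or 'likely-success' for one logged exchange."""
    if event.get("method", "").upper() != "POST":
        return "none"
    # Match the endpoint regardless of query string or trailing slash.
    path = event.get("path", "").split("?", 1)[0].rstrip("/")
    if path != SESSIONS_PATH:
        return "none"
    username = _json_obj(event.get("req_body")).get("username")
    if not isinstance(username, str):
        return "none"
    # Indicator from the page: 'SYSTEM' plus a trailing space. Assumption:
    # any trailing whitespace after the internal name is treated the same.
    if username == INTERNAL_USER or username.rstrip() != INTERNAL_USER:
        return "none"
    # Confirmation matcher: JSON response carrying statusCode and userId.
    resp = _json_obj(event.get("resp_body"))
    is_json = "application/json" in event.get("resp_content_type", "").lower()
    if is_json and "statusCode" in resp and "userId" in resp:
        return "likely-success"
    return "attempt"

# Constructed events, not real traffic; the field names are an assumed log schema.
SAMPLE_EVENTS = [
    {"method": "POST", "path": SESSIONS_PATH, "req_body": '{"username":"jdoe","password":"x"}',
     "resp_content_type": "application/json", "resp_body": '{"statusCode":200,"userId":7}'},
    {"method": "POST", "path": SESSIONS_PATH, "req_body": '{"username":"SYSTEM ","password":"x"}',
     "resp_content_type": "text/html", "resp_body": "<html>login failed</html>"},
    {"method": "POST", "path": SESSIONS_PATH, "req_body": '{"username":"SYSTEM ","password":"x"}',
     "resp_content_type": "application/json; charset=utf-8", "resp_body": '{"statusCode":200,"userId":1}'},
    {"method": "POST", "path": SESSIONS_PATH, "req_body": "not json", "resp_body": ""},
]

def scan(events):
    """Classify every event, preserving order."""
    return [classify(e) for e in events]
```

A 'likely-success' verdict is the one to correlate with later Jython script modifications, per the monitoring note above.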

CVSS provenance

nvd | v4.0 | 9.3 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vulncheck | 9.3 | CRITICAL