CVE-2025-34143
published 2025-07-22CVE-2025-34143: An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user…
PriorityP189critical9.3CVSS 4.0
AVNACLATNPRNUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
29.64%
98.0th percentile
An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login page to obtain elevated access. Once authenticated, an attacker could achieve remote code execution by modifying Jython scripts within the application. This issue was resolved by introducing stricter validation logic to exclude internal accounts from public authentication workflows in version MP-4583.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| etq | reliance_cg | < MP-4583 | MP-4583 |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect authentication bypass attempts targeting ETQ Reliance by monitoring POST requests to /reliance/resources/sessions with a username value of 'SYSTEM ' (with trailing space) in the JSON body. ↗
- →A successful exploit response will contain both 'statusCode' and 'userId' fields in a JSON (application/json) response body — use these as confirmation matchers. ↗
- →Use Shodan query 'html:"ETQ Reliance"' to identify internet-exposed ETQ Reliance instances potentially vulnerable to this authentication bypass. ↗
- →Post-authentication RCE is achieved by modifying Jython scripts within the application; monitor for unexpected Jython script modifications after SYSTEM account logins. ↗
- ·The authentication bypass relies specifically on a trailing space appended to the username 'SYSTEM' (i.e., 'SYSTEM ') — the SYSTEM account requires no password, so any password value will succeed. ↗
- ·This vulnerability only affects ETQ Reliance on the CG (legacy) platform; non-legacy/CG deployments may not be affected. ↗
- ·The issue is fixed in version MP-4583, which introduces stricter validation logic to exclude internal accounts from public authentication workflows. ↗
CVSS provenance
nvdv4.09.3CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vulncheck9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-v93r-q3gh-68x8: An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform
ghsa_unreviewed·2025-07-22
CVE-2025-34143 [CRITICAL] CWE-78 GHSA-v93r-q3gh-68x8: An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform
An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login page to obtain elevated access. Once authenticated, an attacker could achieve remote code execution by modifying Jython scripts within the application. This issue was resolved by introducing stricter validation logic to exclude internal accounts from public authentication workflows in version MP-4583.
VulnCheck
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
vulncheck·2025·CVSS 9.3
CVE-2025-34143 [CRITICAL] Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login page to obtain elevated access. Once authenticated, an attacker could achieve remote code execution by modifying Jython scripts within the application. This issue was resolved by introducing stricter validation logic to exclude internal accounts from public authentication workflows in version MP-4583.
Affected: ETQ ETQ Reliance
Required Action: Apply remediations or mitigations per vendor instructions or di
No detection rules found.
Nuclei
ETQ Reliance - Authentication Bypass via Trailing Space
nuclei·CVSS 9.3
CVE-2025-34143 [CRITICAL] ETQ Reliance - Authentication Bypass via Trailing Space
ETQ Reliance - Authentication Bypass via Trailing Space
An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login page to obtain elevated access. Once authenticated, an attacker could achieve remote code execution by modifying Jython scripts within the application. This issue was resolved by introducing stricter validation logic to exclude internal accounts from public authentication workflows in version MP-4583.
Template:
id: CVE-2025-34143
info:
name: ETQ Reliance - Authentication Bypass via Trailing Space
author: slcyber,DhiyaneshDK
severity: critic
https://slcyber.io/assetnote-security-research-center/how-we-accidentally-discovered-a-remote-code-execution-vulnerability-in-etq-reliance/https://www.etq.com/blog/etq-reliance-security-update/https://www.etq.com/product-overview/https://www.vulncheck.com/advisories/etq-reliance-cg-authentication-bypass-via-trailing-space-rce
2025-07-22
Published
Exploited in the wild