CVE-2025-34143

An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login page to obtain elevated access. Once authenticated, an attacker could achieve remote code execution by modifying Jython scripts within the application. This issue was resolved by introducing stricter validation logic to exclude internal accounts from public authentication workflows in version MP-4583.

CVSS

No CVSS.

References

Link	Resource
https://slcyber.io/assetnote-security-research-center/how-we-accidentally-discovered-a-remote-code-execution-vulnerability-in-etq-reliance/
https://www.etq.com/blog/etq-reliance-security-update/
https://www.etq.com/product-overview/

Configurations

No configuration.

History

25 Jul 2025, 15:29

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de omisión de autenticación en ETQ Reliance en la plataforma CG (legacy). La aplicación permitía iniciar sesión como el usuario interno privilegiado del SYSTEM manipulando el campo de nombre de usuario. La cuenta de SYSTEM no requiere contraseña, lo que permite a los atacantes con acceso de red a la página de inicio de sesión obtener acceso elevado. Una vez autenticado, un atacante podría ejecutar código remoto modificando scripts Jython dentro de la aplicación. Este problema se resolvió introduciendo una lógica de validación más estricta para excluir las cuentas internas de los flujos de trabajo de autenticación públicos en la versión MP-4583.

22 Jul 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-22 13:15

Updated : 2025-07-25 15:29

NVD link : CVE-2025-34143

Mitre link : CVE-2025-34143

CVE.ORG link : CVE-2025-34143

JSON object : View

Products Affected

No product.

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-269

Improper Privilege Management

CWE-288

Authentication Bypass Using an Alternate Path or Channel

{"id": "CVE-2025-34143", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-22T13:15:25.107", "references": [{"url": "https://slcyber.io/assetnote-security-research-center/how-we-accidentally-discovered-a-remote-code-execution-vulnerability-in-etq-reliance/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.etq.com/blog/etq-reliance-security-update/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.etq.com/product-overview/", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-78"}, {"lang": "en", "value": "CWE-269"}, {"lang": "en", "value": "CWE-288"}]}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login page to obtain elevated access. Once authenticated, an attacker could achieve remote code execution by modifying Jython scripts within the application. This issue was resolved by introducing stricter validation logic to exclude internal accounts from public authentication workflows in version MP-4583."}, {"lang": "es", "value": "Existe una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en ETQ Reliance en la plataforma CG (legacy). La aplicaci\u00f3n permit\u00eda iniciar sesi\u00f3n como el usuario interno privilegiado del SYSTEM manipulando el campo de nombre de usuario. La cuenta de SYSTEM no requiere contrase\u00f1a, lo que permite a los atacantes con acceso de red a la p\u00e1gina de inicio de sesi\u00f3n obtener acceso elevado. Una vez autenticado, un atacante podr\u00eda ejecutar c\u00f3digo remoto modificando scripts Jython dentro de la aplicaci\u00f3n. Este problema se resolvi\u00f3 introduciendo una l\u00f3gica de validaci\u00f3n m\u00e1s estricta para excluir las cuentas internas de los flujos de trabajo de autenticaci\u00f3n p\u00fablicos en la versi\u00f3n MP-4583."}], "lastModified": "2025-07-25T15:29:44.523", "sourceIdentifier": "disclosure@vulncheck.com"}