CVE-2025-34143
ETQ Reliance CG Authentication Bypass via Trailing Space RCE
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- April 15, 2025
- Published Date
- July 22, 2025
- Last Updated
- May 15, 2026
- Vendor
- ETQ
- Product
- Reliance CG (legacy)
- Description
- An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login page to obtain elevated access. Once authenticated, an attacker could achieve remote code execution by modifying Jython scripts within the application. This issue was resolved by introducing stricter validation logic to exclude internal accounts from public authentication workflows in version MP-4583.
- Tags
- Exploitation
- none
- Automatable
- Yes
- Technical Impact
- total
- Exploited in the Wild
- Yes (2025-11-11 00:00:00 UTC) Source
nuclei_scanner
CVSS Scores
CVSS v4.0
9.3 - CRITICAL
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
SSVC Information
Exploit Status
References
https://www.etq.com/product-overview/
https://www.etq.com/blog/etq-reliance-security-update/
https://slcyber.io/assetnote-security-research-center/how-we-accidentally-discovered-a-remote-code-execution-vulnerability-in-etq-reliance/
https://www.vulncheck.com/advisories/etq-reliance-cg-authentication-bypass-via-trailing-space-rce
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| The Shadowserver (via CIRCL) | 2025-11-11 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-34143.yaml | 2026-06-01 15:34:41 UTC |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Detected by Nuclei