CVE-2025-34143
ETQ Reliance CG Authentication Bypass via Trailing Space RCE
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
ETQ Reliance CG Authentication Bypass via Trailing Space RCE
An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login page to obtain elevated access. Once authenticated, an attacker could achieve remote code execution by modifying Jython scripts within the application. This issue was resolved by introducing stricter validation logic to exclude internal accounts from public authentication workflows in version MP-4583.
Reserved 2025-04-15 | Published 2025-07-22 | Updated 2025-07-22 | Assigner VulnCheckCWE-288 Authentication Bypass Using an Alternate Path or Channel
CWE-269 Improper Privilege Management
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Adam Kues and Shubham Shah of Assetnote
www.etq.com/product-overview/
www.etq.com/blog/etq-reliance-security-update/
slcyber.io/...-code-execution-vulnerability-in-etq-reliance/
Support options
