QwikSec

Security Database

CVE

CWE

Training

CVE-2025-34142

Published: Jul 22, 2025

Modified: May 15, 2026

PUBLISHED

Description

An XML External Entity (XXE) injection vulnerability exists in ETQ Reliance on the CG (legacy) platform within the `/resources/sessions/sso` endpoint. The SAML authentication handler processes XML input without disabling external entity resolution, allowing crafted SAML responses to invoke external entity references. This could enable attackers to retrieve sensitive files or perform server-side request forgery (SSRF). The issue was addressed by disabling external entity processing for the affected XML parser in versions SE.2025.1 and 2025.1.2.

Vendor	Product	Versions
ETQ	Reliance CG (legacy)	affected `0 - < SE.2025.1` affected `0 - < 2025.1.2`

Weaknesses (CWE)

References

https://www.etq.com/product-overview/

product

https://www.etq.com/blog/etq-reliance-security-update/

vendor-advisory

patch

https://slcyber.io/assetnote-security-research-center/how-we-accidentally-discovered-a-remote-code-execution-vulnerability-in-etq-reliance/

technical-description

https://www.vulncheck.com/advisories/etq-reliance-cg-xxe-injection-in-sso-saml-handler-copy

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.