QwikSec

Security Database

CVE

CWE

Training

CVE-2025-34143

Published: Jul 22, 2025

Modified: May 15, 2026

PUBLISHED

Description

An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login page to obtain elevated access. Once authenticated, an attacker could achieve remote code execution by modifying Jython scripts within the application. This issue was resolved by introducing stricter validation logic to exclude internal accounts from public authentication workflows in version MP-4583.

Vendor	Product	Versions
ETQ	Reliance CG (legacy)	affected `0 - < MP-4583`

Weaknesses (CWE)

References

https://www.etq.com/product-overview/

product

https://www.etq.com/blog/etq-reliance-security-update/

vendor-advisory

patch

https://slcyber.io/assetnote-security-research-center/how-we-accidentally-discovered-a-remote-code-execution-vulnerability-in-etq-reliance/

technical-description

https://www.vulncheck.com/advisories/etq-reliance-cg-authentication-bypass-via-trailing-space-rce

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.