High severityNVD Advisory· Published Jul 22, 2025· Updated Apr 15, 2026

CVE-2025-34140

Description

An authorization bypass vulnerability exists in ETQ Reliance (legacy CG and NXG SaaS platforms). By appending a specific URI suffix to certain API endpoints, an unauthenticated attacker can bypass access control checks and retrieve limited sensitive resources. The root cause was a misconfiguration in API authorization logic, which has since been corrected in SE.2025.1 and 2025.1.2.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.etq.com/blog/etq-reliance-security-update/nvd
www.etq.com/product-overview/nvd
www.vulncheck.com/advisories/etq-reliance-cg-nxg-api-authorization-bypass-via-localized-text-uri-suffixnvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000