Critical severityNVD Advisory· Published Jul 22, 2025· Updated Apr 15, 2026

CVE-2025-34143

Description

An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login page to obtain elevated access. Once authenticated, an attacker could achieve remote code execution by modifying Jython scripts within the application. This issue was resolved by introducing stricter validation logic to exclude internal accounts from public authentication workflows in version MP-4583.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

slcyber.io/assetnote-security-research-center/how-we-accidentally-discovered-a-remote-code-execution-vulnerability-in-etq-reliance/nvd
www.etq.com/blog/etq-reliance-security-update/nvd
www.etq.com/product-overview/nvd
www.vulncheck.com/advisories/etq-reliance-cg-authentication-bypass-via-trailing-space-rcenvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000