CVE-2025-34140
BaseFortify
Publication date: 2025-07-22
Last updated on: 2025-11-04
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| etq | reliance | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an authorization bypass in ETQ Reliance's legacy CG and NXG SaaS platforms. An unauthenticated attacker can append a specific URI suffix to certain API endpoints to bypass access control checks and retrieve limited sensitive resources. The issue was caused by a misconfiguration in the API authorization logic, which has been fixed in later versions SE.2025.1 and 2025.1.2.
How can this vulnerability impact me? :
This vulnerability allows an unauthenticated attacker to access limited sensitive resources without proper authorization, potentially leading to unauthorized disclosure of sensitive information and compromising the security of the affected system.
What immediate steps should I take to mitigate this vulnerability?
Immediate steps to mitigate this vulnerability include applying the corrected versions SE.2025.1 or 2025.1.2 of ETQ Reliance, which fix the API authorization logic misconfiguration. Until patches are applied, restrict access to the affected API endpoints and monitor for suspicious requests that append unusual URI suffixes to these endpoints.