CVE-2025-34142
BaseFortify
Publication date: 2025-07-22
Last updated on: 2025-11-04
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| etq | reliance | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-611 | The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an XML External Entity (XXE) injection in the ETQ Reliance CG (legacy) platform's /resources/sessions/sso endpoint. The SAML authentication handler processes XML input without disabling external entity resolution, allowing attackers to craft SAML responses that invoke external entity references. This can lead to unauthorized retrieval of sensitive files or server-side request forgery (SSRF).
How can this vulnerability impact me? :
An attacker exploiting this vulnerability could retrieve sensitive files from the server or perform server-side request forgery (SSRF), potentially leading to unauthorized access to internal resources or data exposure.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade ETQ Reliance on the CG (legacy) platform to version SE.2025.1 or 2025.1.2 or later, where external entity processing for the affected XML parser has been disabled to prevent XXE attacks.