CVE-2025-34143
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-22

Last updated on: 2025-11-04

Assigner: VulnCheck

Description
An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login page to obtain elevated access. Once authenticated, an attacker could achieve remote code execution by modifying Jython scripts within the application. This issue was resolved by introducing stricter validation logic to exclude internal accounts from public authentication workflows in version MP-4583.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-22
Last Modified
2025-11-04
Generated
2026-05-07
AI Q&A
2025-07-22
EPSS Evaluated
2026-05-05
NVD
CVE-2025-34143
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
etq reliance *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CWE-288 The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an authentication bypass in ETQ Reliance on the CG (legacy) platform. It allows an attacker to log in as the privileged internal SYSTEM user by manipulating the username field, since the SYSTEM account does not require a password. With network access to the login page, an attacker can gain elevated access and then execute remote code by modifying Jython scripts within the application. The issue was fixed by adding stricter validation to prevent internal accounts from being used in public authentication.


How can this vulnerability impact me? :

An attacker exploiting this vulnerability can gain unauthorized privileged access to the system without needing a password. This elevated access allows the attacker to execute arbitrary code remotely by modifying application scripts, potentially leading to full system compromise, data theft, or disruption of services.


What immediate steps should I take to mitigate this vulnerability?

The immediate step to mitigate this vulnerability is to upgrade ETQ Reliance on the CG (legacy) platform to version MP-4583 or later, which includes stricter validation logic to exclude internal accounts from public authentication workflows, preventing unauthorized SYSTEM user logins.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart