216.73.217.22

CVE-2025-34143

· Published 22/07/2025 13:15 · Modified 22/07/2025 13:15

Labels: CVE-2025-34143 2025-07-22CVE-2025-34143CWE-78[email protected]

Essential information

Published
22/07/2025 13:15
Modified
22/07/2025 13:15
Author
Creator
CVSS
9.3 CRITICAL (v3) 9.3 CRITICAL (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login page to obtain elevated access. Once authenticated, an attacker could achieve remote code execution by modifying Jython scripts within the application. This issue was resolved by introducing stricter validation logic to exclude internal accounts from public authentication workflows in version MP-4583.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
etq / etq reliance cpe:2.3:a:etq:etq_reliance:mp-4583:*:*:*:*:*:*:*
etq / etq reliance cpe:2.3:a:etq:etq_reliance:*:*:*:*:*:*:*:*

References