Reflected XSS Vulnerability in ETQ Reliance CG Platform
CVE-2025-34141

5.1MEDIUM

Key Information:

Vendor: Etq
Status: Reliance Cg (legacy)
Vendor: CVE Published:; 22 July 2025

What is CVE-2025-34141?

A reflected cross-site scripting (XSS) vulnerability has been identified in the ETQ Reliance CG legacy platform, specifically within the SQLConverterServlet component. This security flaw enables an attacker to execute unauthorized scripts within the user's browser context, requiring user interaction to exploit, such as clicking on a specially crafted link. The vulnerability's impact is exacerbated by the servlet being unnecessarily exposed to authenticated users, which has led to it being disabled in version SE.2025.1. Users are advised to upgrade to this version or later to enhance their security posture.

Affected Version(s)

Reliance CG (legacy) *

References

https://www.etq.com/product-overview/

product

https://www.etq.com/blog/etq-reliance-security-update/

vendor-advisorypatch

https://slcyber.io/assetnote-security-research-center/how...

technical-description

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 22, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Adam Kues and Shubham Shah of Assetnote

Etq

What is CVE-2025-34141?

Affected Version(s)

References

CVSS V4

Timeline

Credit