XML External Entity Injection Vulnerability in ETQ Reliance by ETQ
CVE-2025-34142

6.9MEDIUM

Key Information:

Vendor: Etq
Status: Reliance Cg (legacy)
Vendor: CVE Published:; 22 July 2025

What is CVE-2025-34142?

An XML External Entity (XXE) injection vulnerability has been identified in ETQ Reliance's CG (legacy) platform, specifically affecting the /resources/sessions/sso endpoint. The vulnerability arises from the SAML authentication handler's failure to disable external entity resolution when processing XML input. This oversight allows malicious actors to craft SAML responses that can leverage external entity references, potentially leading to unauthorized access to sensitive files or enabling server-side request forgery (SSRF). ETQ has addressed this issue in newer versions by implementing a fix that disables external entity processing within the XML parser.

Affected Version(s)

Reliance CG (legacy) *

Reliance CG (legacy) * < 2025.1.2

References

https://www.etq.com/product-overview/

product

https://www.etq.com/blog/etq-reliance-security-update/

vendor-advisorypatch

https://slcyber.io/assetnote-security-research-center/how...

technical-description

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 22, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Adam Kues and Shubham Shah of Assetnote

Etq

What is CVE-2025-34142?

Affected Version(s)

References

CVSS V4

Timeline

Credit