XML External Entity Injection Vulnerability in ETQ Reliance by ETQ
CVE-2025-34142

6.9MEDIUM

Key Information:

Vendor

Etq

Status
Reliance Cg (legacy)
Vendor
CVE Published:
22 July 2025

What is CVE-2025-34142?

An XML External Entity (XXE) injection vulnerability has been identified in ETQ Reliance's CG (legacy) platform, specifically affecting the /resources/sessions/sso endpoint. The vulnerability arises from the SAML authentication handler's failure to disable external entity resolution when processing XML input. This oversight allows malicious actors to craft SAML responses that can leverage external entity references, potentially leading to unauthorized access to sensitive files or enabling server-side request forgery (SSRF). ETQ has addressed this issue in newer versions by implementing a fix that disables external entity processing within the XML parser.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Reliance CG (legacy) *

Reliance CG (legacy) * < 2025.1.2

References

https://www.etq.com/product-overview/
product
https://www.etq.com/blog/etq-reliance-security-update/
vendor-advisorypatch
https://slcyber.io/assetnote-security-research-center/how...
technical-description

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Adam Kues and Shubham Shah of Assetnote
JSON
.