Authentication Bypass Vulnerability in ETQ Reliance by ETQ
CVE-2025-34143
What is CVE-2025-34143?
CVE-2025-34143 is an authentication bypass vulnerability found in ETQ Reliance, a software suite used for quality management and compliance processes. This vulnerability allows unauthorized users to log in as a privileged internal SYSTEM user by exploiting weaknesses in the username field. Since the SYSTEM account does not require a password, an attacker with network access to the application's login page can gain elevated privileges. Once authenticated, the attacker can achieve remote code execution by modifying Jython scripts within the application, which poses a significant risk to organizations that rely on ETQ Reliance for managing their quality and compliance frameworks.
Potential impact of CVE-2025-34143
- Unauthorized Access: This vulnerability enables attackers to bypass standard authentication, allowing them to gain unauthorized access to sensitive data and functions within the ETQ Reliance application.
- Remote Code Execution: With elevated privileges, attackers can execute arbitrary code by altering Jython scripts, potentially leading to further exploitation of the underlying system and additional attack vectors.
- Data Compromise and Integrity Issues: The ability to modify scripts and access critical internal functionalities can result in data breaches, loss of data integrity, and operational disruption, making it essential for organizations to address this vulnerability swiftly.
Affected Version(s)
Reliance CG (legacy) *