CVE-2025-34141: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in ETQ Reliance CG (legacy)

Severity: Medium
Type: Vulnerability
Tags: cve, cve-2025-34141, cwe-79, cwe-116
Published: Tue Jul 22 2025 (07/22/2025, 12:35:57 UTC)
Source: CVE Database V5
Vendor/Project: ETQ
Product: Reliance CG (legacy)

Description

A reflected cross-site scripting (XSS) vulnerability exists in the ETQ Reliance CG (legacy) platform within the `SQLConverterServlet` component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the user's context. The affected servlet was unnecessarily exposed to authenticated users and has since been disabled in version SE.2025.1.

AI-Powered Analysis

Last updated: 07/22/2025, 13:02:11 UTC

Technical Analysis

CVE-2025-34141 is a reflected cross-site scripting (XSS) vulnerability in the ETQ Reliance CG (legacy) platform, specifically in the `SQLConverterServlet` component. It arises from improper neutralization of input during web page generation and is classified under CWE-79 and CWE-116. An attacker can craft a malicious URL that, when clicked by an authenticated user, causes unauthorized scripts to execute in the context of that user's browser session. The servlet was unnecessarily exposed to authenticated users, which increased the attack surface.

Exploitation requires user interaction (clicking a crafted link) but, as indicated by the CVSS vector, does not require the attacker to hold any privileges or authentication. The CVSS v4.0 base score is 5.1, which is medium severity. The vendor has addressed the issue by disabling the affected servlet in the newer version SE.2025.1. No known exploits are currently reported in the wild. The vulnerability impacts all versions of the legacy ETQ Reliance CG platform, which is used for quality, compliance, and risk management in regulated industries.

The reflected XSS can lead to session hijacking, credential theft, or unauthorized actions performed on behalf of the user, depending on the victim's privileges and the nature of the injected script. Because the vulnerability requires user interaction and affects only authenticated users, the attack vector is somewhat limited, but it remains significant given the sensitive nature of the platform's use cases.

Potential Impact

For European organizations using ETQ Reliance CG (legacy), this vulnerability poses a risk to the confidentiality and integrity of user sessions and data. Given that ETQ Reliance CG is often deployed in regulated sectors such as pharmaceuticals, manufacturing, and healthcare, exploitation could lead to unauthorized access to sensitive compliance and quality management data. This could result in regulatory non-compliance, data breaches, and operational disruptions. The reflected XSS could be leveraged to steal session cookies or perform actions on behalf of legitimate users, potentially escalating to broader system compromise if combined with other vulnerabilities or social engineering tactics. The requirement for user interaction somewhat limits mass exploitation but targeted phishing campaigns could be effective. The disabling of the vulnerable servlet in newer versions mitigates future risk, but organizations still running legacy versions remain exposed. Additionally, the exposure of the servlet to authenticated users increases risk within internal networks or remote access scenarios. The impact on availability is minimal, but the breach of confidentiality and integrity could have severe consequences in regulated environments.

Mitigation Recommendations

European organizations should prioritize upgrading to ETQ Reliance CG version SE.2025.1 or later, where the vulnerable servlet has been disabled. If immediate upgrade is not feasible, organizations should implement strict access controls to limit exposure of the SQLConverterServlet, such as network segmentation, web application firewalls (WAF) with custom rules to detect and block malicious payloads targeting this servlet, and disabling or restricting access to the servlet at the web server or application server level. User training to recognize phishing attempts and avoid clicking suspicious links is critical given the user interaction requirement. Additionally, organizations should conduct regular security assessments and penetration tests focusing on web application vulnerabilities, including XSS. Monitoring logs for unusual requests to the SQLConverterServlet and anomalous user behavior can help detect attempted exploitation. Employing Content Security Policy (CSP) headers can reduce the impact of XSS by restricting script execution contexts. Finally, organizations should review and harden authentication and session management mechanisms to minimize the impact of session hijacking attempts.
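The log-monitoring recommendation above can be sketched as a small access-log triage script. This is an added example, not ETQ or vendor code: only the servlet name comes from the advisory, while the combined log format, URL paths, the `q` parameter, the hostname and the user names are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus, urlsplit

SERVLET = "sqlconverterservlet"        # component named in the advisory
TRUSTED_HOST = "qms.example.internal"  # hypothetical hostname of the deployment

# Constructed access-log lines (combined format); paths and parameters are hypothetical.
SAMPLE_LOG = [
    '10.0.4.17 - jdoe [22/Jul/2025:13:10:02 +0000] "GET /reliance/home HTTP/1.1" 200 5120 "https://qms.example.internal/reliance/login" "Mozilla/5.0"',
    '10.0.4.17 - jdoe [22/Jul/2025:13:11:40 +0000] "GET /reliance/SQLConverterServlet?q=select+1 HTTP/1.1" 200 812 "https://qms.example.internal/reliance/home" "Mozilla/5.0"',
    '10.0.9.33 - asmith [22/Jul/2025:13:15:09 +0000] "GET /reliance/SQLConverterServlet?q=%3Cscript%3Econstructed%3C%2Fscript%3E HTTP/1.1" 200 930 "https://mail.example.net/inbox" "Mozilla/5.0"',
    '10.0.9.41 - bwong [22/Jul/2025:13:19:55 +0000] "GET /reliance/sqlconverterservlet?q=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 901 "-" "Mozilla/5.0"',
]

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"')
MARKUP_RE = re.compile(r'[<>"\']|javascript:|\bon\w+\s*=', re.IGNORECASE)

def fully_decode(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding so double-encoded markup is visible."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def triage(lines):
    """Return one finding per request that reaches the servlet, with the reasons it stands out."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        target = urlsplit(m["target"])
        if SERVLET not in fully_decode(target.path).lower():
            continue
        reasons = ["servlet-access"]  # the servlet is disabled in SE.2025.1, so any hit merits review
        if MARKUP_RE.search(fully_decode(target.query)):
            reasons.append("markup-in-query")
        if urlsplit(m["referer"]).hostname != TRUSTED_HOST:
            reasons.append("off-site-or-missing-referer")  # consistent with a link opened from elsewhere
        findings.append({"user": m["user"], "ts": m["ts"], "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The markup pattern is deliberately broad and will flag benign queries containing quotes; treat its hits as leads to correlate with the referer and the user's session activity.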

Technical Details

Data Version: 5.1
Assigner Short Name: VulnCheck
Date Reserved: 2025-04-15T19:15:22.563Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 687f881fa83201eaac1c0ebe

Added to database: 7/22/2025, 12:46:23 PM

Last enriched: 7/22/2025, 1:02:11 PM

Last updated: 7/22/2025, 8:12:36 PM
