CVE-2025-34143 is a critical authentication bypass vulnerability affecting all versions of ETQ Reliance CG (legacy). The vulnerability stems from improper validation logic in the authentication mechanism that allows an attacker to bypass normal login procedures by manipulating the username field to impersonate the internal SYSTEM account. This SYSTEM account does not require a password, enabling unauthenticated attackers with network access to the login interface to gain privileged access. Once authenticated as SYSTEM, the attacker can modify Jython scripts embedded in the application, leading to remote code execution (RCE) on the underlying system. The vulnerability involves multiple CWE categories: CWE-288 (Authentication Bypass by Alternate Path or Channel), CWE-269 (Improper Privilege Management), and CWE-78 (Improper Neutralization of Special Elements used in OS Command). The flaw was addressed in version MP-4583 by introducing stricter validation logic that excludes internal accounts from public authentication workflows, effectively preventing unauthorized SYSTEM logins. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N) indicates network attack vector, no required authentication or user interaction, and high impact on confidentiality, integrity, and availability. Although no active exploits have been reported, the vulnerability’s characteristics make it highly exploitable and dangerous.

For European organizations, especially those in sectors such as manufacturing, pharmaceuticals, aerospace, and other regulated industries that rely on ETQ Reliance CG for quality and compliance management, this vulnerability poses a severe risk. Successful exploitation could lead to full system compromise, allowing attackers to execute arbitrary code, manipulate compliance data, disrupt quality control processes, and potentially cause operational downtime or regulatory non-compliance. The ability to bypass authentication without credentials and execute remote code elevates the threat to critical infrastructure and sensitive environments. Additionally, the compromise of such systems could facilitate lateral movement within corporate networks, increasing the risk of broader enterprise impact. Given the criticality and ease of exploitation, organizations face potential data breaches, operational disruptions, and reputational damage if not promptly addressed.

Organizations should immediately upgrade ETQ Reliance CG (legacy) to version MP-4583 or later, where the vulnerability has been patched with enhanced validation logic. If immediate patching is not feasible, restrict network access to the login interface by implementing network segmentation, firewall rules, and VPN access controls to limit exposure to trusted users only. Conduct thorough audits of existing user accounts and authentication logs to detect any suspicious login attempts or unauthorized access. Disable or remove legacy systems where possible, or isolate them from critical network segments. Employ application-layer firewalls or web application firewalls (WAFs) to detect and block anomalous authentication requests targeting the SYSTEM account. Regularly monitor for unusual Jython script modifications or other signs of compromise within the application environment. Finally, ensure incident response plans are updated to address potential exploitation scenarios involving ETQ Reliance CG.