CVE-2025-34143: CWE-288 Authentication Bypass Using an Alternate Path or Channel in ETQ Reliance CG (legacy)
An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login page to obtain elevated access. Once authenticated, an attacker could achieve remote code execution by modifying Jython scripts within the application. This issue was resolved by introducing stricter validation logic to exclude internal accounts from public authentication workflows in version MP-4583.
AI Analysis
Technical Summary
CVE-2025-34143 is a critical authentication bypass vulnerability affecting the ETQ Reliance CG (legacy) platform. The flaw arises because the application allows login as the privileged internal SYSTEM user when the username field is manipulated during authentication. Notably, the SYSTEM account does not require a password, so an attacker with network access to the login page can gain elevated privileges without any authentication. Once authenticated as SYSTEM, the attacker can execute arbitrary code remotely by modifying Jython scripts within the application environment. The vulnerability stems from insufficient validation logic that failed to exclude internal accounts from public authentication workflows. The vendor addressed the issue in version MP-4583 by implementing stricter validation that prevents internal accounts from being reached through public login mechanisms. The vulnerability is classified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel), CWE-269 (Improper Privilege Management), and CWE-78 (Improper Neutralization of Special Elements used in an OS Command). The CVSS 4.0 base score is 9.3 (critical), reflecting the vulnerability’s ease of exploitation (no authentication or user interaction required), network attack vector, and high impact on confidentiality, integrity, and availability. No known exploits have been reported in the wild yet, but the potential for remote code execution makes this a severe threat to affected systems.
Potential Impact
For European organizations using ETQ Reliance CG (legacy), this vulnerability poses a significant risk. ETQ Reliance is often used in quality management and compliance processes across industries such as manufacturing, pharmaceuticals, and aerospace, sectors prevalent in Europe. An attacker exploiting this flaw could gain SYSTEM-level access, leading to full compromise of the application and potentially the underlying infrastructure. This could result in unauthorized data access, manipulation or deletion of critical compliance records, disruption of quality management workflows, and deployment of malicious payloads within the corporate network. The ability to execute arbitrary code remotely could also facilitate lateral movement, data exfiltration, or ransomware deployment. Given the criticality of quality and compliance data in regulated European markets, exploitation could lead to regulatory penalties, reputational damage, and operational downtime. The lack of authentication requirement and network accessibility of the login page increases the attack surface, especially for organizations exposing this application to internal or external networks without adequate segmentation or access controls.
Mitigation Recommendations
European organizations should prioritize immediate patching by upgrading to ETQ Reliance CG version MP-4583 or later, where the vulnerability is fixed. If patching is not immediately feasible, implement network-level access controls to restrict access to the login page only to trusted internal IPs or VPN users. Deploy web application firewalls (WAFs) with rules to detect and block attempts to authenticate as SYSTEM or other internal accounts. Conduct thorough audits of user accounts and authentication logs to detect suspicious login attempts. Review and harden Jython script permissions and monitor for unauthorized modifications. Employ network segmentation to isolate the ETQ Reliance CG application servers from broader enterprise networks, limiting potential lateral movement. Additionally, implement intrusion detection/prevention systems (IDS/IPS) tuned to detect exploitation attempts targeting this vulnerability. Finally, conduct security awareness training for administrators managing ETQ Reliance to recognize and respond to potential exploitation indicators.
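The internal-account exclusion and authentication-log audit recommended above, as an added example (not vendor code and not part of the original page): the submitted username is canonicalised before it is compared with a deny-list, and log entries that resolve to an internal account are flagged. The log format, the function names and the sample lines are assumptions constructed for illustration; the page does not describe the application's real log format or how the username was manipulated.

```python
import re
import unicodedata

# SYSTEM is the account named in the advisory; extend this set per deployment.
INTERNAL_ACCOUNTS = {"SYSTEM"}

def canonical_username(raw: str) -> str:
    """Reduce a submitted username to the form used for comparisons."""
    text = unicodedata.normalize("NFKC", raw)  # fold compatibility forms
    # Drop control (Cc) and format (Cf) characters before trimming.
    text = "".join(ch for ch in text
                   if unicodedata.category(ch) not in ("Cc", "Cf"))
    return text.strip().upper()

def is_internal_account(raw: str) -> bool:
    """True if the name resolves to an account barred from public login."""
    return canonical_username(raw) in INTERNAL_ACCOUNTS

# Hypothetical log format: <timestamp> <event> user="<name>" src=<ip>
LOG_LINE = re.compile(
    r'^(?P<ts>\S+) (?P<event>LOGIN_OK|LOGIN_FAIL) '
    r'user="(?P<user>[^"]*)" src=(?P<src>\S+)$'
)

def audit(lines):
    """Return (timestamp, source, event) for each attempt on an internal account."""
    findings = []
    for line in lines:
        match = LOG_LINE.match(line)
        if match and is_internal_account(match["user"]):
            findings.append((match["ts"], match["src"], match["event"]))
    return findings

# Constructed sample data, not taken from a real system.
SAMPLE_LOG = [
    '2025-07-22T09:14:03Z LOGIN_OK user="jdoe" src=10.20.1.15',
    '2025-07-22T09:15:41Z LOGIN_FAIL user="system" src=203.0.113.7',
    '2025-07-22T09:15:58Z LOGIN_OK user="  SyStEm" src=203.0.113.7',
    '2025-07-22T09:20:10Z LOGIN_OK user="system_reports" src=10.20.1.22',
]

if __name__ == "__main__":
    for ts, src, event in audit(SAMPLE_LOG):
        print(f"{ts} {src} {event}: attempt resolved to an internal account")
```

Any `LOGIN_OK` finding on an unpatched instance warrants a review of Jython script changes made after that timestamp.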
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Belgium, Sweden, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulnCheck
- Date Reserved: 2025-04-15T19:15:22.564Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 687f881fa83201eaac1c0ec8
Added to database: 7/22/2025, 12:46:23 PM
Last enriched: 7/22/2025, 1:01:11 PM
Last updated: 7/22/2025, 8:04:59 PM