PT-2025-30399 · Unknown · Etq Reliance
Published: 2025-07-22 · Updated: 2025-07-22
CVE-2025-34143
CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
ETQ Reliance versions prior to MP-4583
Description
An authentication bypass allows login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login page to obtain elevated access. Once authenticated, an attacker could achieve remote code execution by modifying Jython scripts within the application.
Recommendations
Update to version MP-4583 or later.
Fix
RCE
Improper Privilege Management
Authentication Bypass Using an Alternate Path or Channel
OS Command Injection
Related Identifiers
Affected Products
Etq Reliance