CVE-2025-34140

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions ETQ Reliance versions prior to SE.2025.1 ETQ Reliance versions prior to 2025.1.2

Description An authorization bypass allows an unauthenticated attacker to retrieve limited sensitive resources by appending a specific URI suffix to certain API endpoints. The issue stems from a misconfiguration in API authorization logic.

Recommendations Update to version SE.2025.1 or later. Update to version 2025.1.2 or later.

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639

Related Identifiers

CVE-2025-34140

Affected Products

Etq Reliance

CVE-2025-34140

Weakness Enumeration

Related Identifiers

Affected Products

References · 8