Vulnerability Description
An authorization bypass vulnerability exists in ETQ Reliance (legacy CG and NXG SaaS platforms). By appending a specific URI suffix to certain API endpoints, an unauthenticated attacker can bypass access control checks and retrieve limited sensitive resources. The root cause was a misconfiguration in API authorization logic, which has since been corrected in SE.2025.1 and 2025.1.2.
Related Weaknesses (CWE)
References
- https://www.etq.com/blog/etq-reliance-security-update/
- https://www.etq.com/product-overview/
- https://www.vulncheck.com/advisories/etq-reliance-cg-nxg-api-authorization-bypas
FAQ
What is CVE-2025-34140?
CVE-2025-34140 is a documented vulnerability. An authorization bypass vulnerability exists in ETQ Reliance (legacy CG and NXG SaaS platforms). By appending a specific URI suffix to certain API endpoints, an unauthenticated attacker can bypass acc...
How severe is CVE-2025-34140?
CVSS scoring is not yet available for CVE-2025-34140. Check NVD for updates.
Is there a patch for CVE-2025-34140?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.