CVE-2025-34140

UNKNOWN 0.0

ETQ Reliance CG/NXG API Authorization Bypass via ;localized-text URI Suffix

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

An authorization bypass vulnerability exists in ETQ Reliance (legacy CG and NXG SaaS platforms). By appending a specific URI suffix to certain API endpoints, an unauthenticated attacker can bypass access control checks and retrieve limited sensitive resources. The root cause was a misconfiguration in API authorization logic, which has since been corrected in SE.2025.1 and 2025.1.2.

CWE	CWE-639
Vendor	etq
Product	reliance cg (legacy)
Published	Jul 22, 2025
Last Updated	May 15, 2026

Stay Ahead of the Next One

Get instant alerts for etq reliance cg (legacy)

Be the first to know when new unknown vulnerabilities affecting etq reliance cg (legacy) are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

ETQ / Reliance CG (legacy)

0 < SE.2025.1

ETQ / Reliance NXG (SaaS)

0 < SE.2025.1 0 < 2025.1.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

etq.com: https://www.etq.com/product-overview/ etq.com: https://www.etq.com/blog/etq-reliance-security-update/ vulncheck.com: https://www.vulncheck.com/advisories/etq-reliance-cg-nxg-api-authorization-bypass-via-localized-text-uri-suffix

Credits

Adam Kues and Shubham Shah of Assetnote