Reliance CG (legacy) - RCE (CVE-2025-34143)

CVE-2025-34143 is a critical authentication bypass vulnerability in ETQ Reliance CG (legacy), where attackers can log in as the privileged SYSTEM user simply by manipulating the username field, as this account does not require a password. With network access to the login page, threat actors can gain elevated privileges and potentially achieve remote code execution by altering Jython scripts within the application. This flaw poses a significant risk of full system compromise until patched.

CrowdSec has been tracking this vulnerability and its exploits since 24th of July 2025.

CrowdSec network observations suggest that most exploitation of CVE-2025-34143 involves focused reconnaissance to identify viable targets. Attackers typically tailor their campaigns based on system exposure and configuration. It is unlikely that a given attack is accidental. Additionally, according to week-over-week analysis by CrowdSec, exploitation of CVE-2025-34143 is surging. Attack volumes are spiking well above historical norms, indicating widespread and escalating interest from threat actors. CVE-2025-34143 is currently experiencing high visibility and active exploitation across the internet.

Attackers exploit the authentication endpoint /reliance/resources/sessions by sending specially crafted POST requests to bypass authentication and gain SYSTEM-level access.