CVE-2025-35052
published 2025-10-09CVE-2025-35052: Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files…
PriorityP432medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
0.35%
27.0th percentile
Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the 'qs' parameter used in '/DownloadWeb/download.aspx'. This key is shared across NIX installations. NIX 2023.3 and 2024.1 limit the use of hard-coded keys.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| newforma | project_center | < 2024.1 | 2024.1 |
| newforma | project_center | < 2024.1 | 2024.1 |
| newforma | project_center | <= 2024.3 | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv4.06.3MEDIUMCVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-2vjw-w57f-jmf6: Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain query parameters
ghsa_unreviewed·2025-10-09
CVE-2025-35052 [MEDIUM] CWE-321 GHSA-2vjw-w57f-jmf6: Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain query parameters
Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the 'qs' parameter used in '/DownloadWeb/download.aspx'. This key is shared across NIX installations. NIX 2023.3 and 2024.1 limit the use of hard-coded keys.
GHSA
GHSA-7cq8-vqmc-75p3: Newforma Info Exchange (NIX) '/UserWeb/Common/MarkupServices
ghsa_unreviewed·2025-10-09·CVSS 6.3
CVE-2025-35056 [MEDIUM] CWE-22 GHSA-7cq8-vqmc-75p3: Newforma Info Exchange (NIX) '/UserWeb/Common/MarkupServices
Newforma Info Exchange (NIX) '/UserWeb/Common/MarkupServices.ashx' 'StreamStampImage' accepts an encrypted file path and returns an image of the specified file. An authenticated attacker can read arbitrary files subject to the privileges of NIX, typically 'NT AUTHORITY\NetworkService', and the ability of StreamStampImage to process the file. The encrypted file path can be generated using the shared, hard-coded secret key described in CVE-2025-35052. This vulnerability cannot be exploited as an 'anonymous' user as described in CVE-2025-35062.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-10-09
Published