CVE-2025-35062
Published 2025-10-09
Priority: P2 70 · Severity: critical 9.8 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.35% (26.9th percentile)
Newforma Info Exchange (NIX) before version 2023.1 by default allows anonymous authentication which allows an unauthenticated attacker to exploit additional vulnerabilities that require authentication.
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| newforma | project_center | < 2023.1 | 2023.1 |
| newforma | project_center | < 2024.1 | 2024.1 |
| newforma | project_center | <= 2024.3 | — |
| newforma | project_center | — | — |
| newforma | project_center | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 4.0 | 6.9 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
GHSA: GHSA-22mx-5372-vwv3 · CVE-2025-35053 · MEDIUM · CWE-22 · ghsa_unreviewed · 2025-10-09 · CVSS 6.9
Newforma Info Exchange (NIX) accepts requests to '/UserWeb/Common/MarkupServices.ashx' specifying the 'DownloadExportedPDF' command that allow an authenticated user to read and delete arbitrary files with 'NT AUTHORITY\NetworkService' privileges.
In Newforma before 2023.1, anonymous access is enabled by default (CVE-2025-35062), allowing an otherwise unauthenticated attacker to effectively authenticate as 'anonymous' and exploit this file upload vulnerability.
GHSA: GHSA-pv37-mf6h-p9j8 · CVE-2025-35055 · MEDIUM · CWE-22 · ghsa_unreviewed · 2025-10-09 · CVSS 6.9
Newforma Info Exchange (NIX) '/UserWeb/Common/UploadBlueimp.ashx' allows an authenticated attacker to upload an arbitrary file to any location writable by the NIX application. An attacker can upload and run a web shell or other content executable by the web server. An attacker can also delete directories. In Newforma before 2023.1, anonymous access is enabled by default (CVE-2025-35062), allowing an otherwise unauthenticated attacker to effectively authenticate as 'anonymous' and exploit this file upload vulnerability.
GHSA: GHSA-7vv3-f3c9-f6v6 · CVE-2025-35062 · MEDIUM · CWE-276 · ghsa_unreviewed · 2025-10-09
Newforma Info Exchange (NIX) before version 2023.1 by default allows anonymous authentication which allows an unauthenticated attacker to exploit additional vulnerabilities that require authentication.
GHSA: GHSA-7cq8-vqmc-75p3 · CVE-2025-35056 · MEDIUM · CWE-22 · ghsa_unreviewed · 2025-10-09 · CVSS 6.3
Newforma Info Exchange (NIX) '/UserWeb/Common/MarkupServices.ashx' 'StreamStampImage' accepts an encrypted file path and returns an image of the specified file. An authenticated attacker can read arbitrary files subject to the privileges of NIX, typically 'NT AUTHORITY\NetworkService', and the ability of StreamStampImage to process the file. The encrypted file path can be generated using the shared, hard-coded secret key described in CVE-2025-35052. This vulnerability cannot be exploited as an 'anonymous' user as described in CVE-2025-35062.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-10-09