CVE-2025-35054

Medium CVSS: 4.8

Newforma Info Exchange (NIX) stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\<version>\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If these are Active Directory credentials, an attacker may be able to gain access to additional systems and resources.

Vendor

Newforma

Product

Project Center

CWE

CWE-257

Yayın Tarihi

2025-10-09 21:15:36

Güncelleme

2025-10-22 15:18:27

Source Identifier

9119a7d8-5eab-497f-8521-727c672e3725

KEV Date Added

Kategoriler

CWE-257 Project Center MEDIUM Newforma 2025

Referanslar

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-282-01.json https://www.cve.org/CVERecord?id=CVE-2025-35054

Benzer Kayıtlar

Medium

CVE-2025-35059

Newforma Info Exchange (NIX) '/DownloadWeb/hyperlinkredirect.aspx' provides an unauthenticated URL redirect via the 'nhl…

Medium

CVE-2025-35060

Newforma Info Exchange (NIX) provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to u…

High

CVE-2025-35061

Newforma Info Exchange (NIX) '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauthenticated attacker t…

Medium

CVE-2025-35062

Newforma Info Exchange (NIX) before version 2023.1 by default allows anonymous authentication which allows an unauthenti…

Medium

CVE-2025-35052

Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values…

Medium

CVE-2025-35053

Newforma Info Exchange (NIX) accepts requests to '/UserWeb/Common/MarkupServices.ashx' specifying the 'DownloadExportedP…