CVE-2025-35050

216.73.217.22

· Published 09/10/2025 21:15 · Modified 09/10/2025 21:15

Labels: CVE-2025-35050 2025-10-09 9119a7d8-5eab-497f-8521-727c672e3725 CVE-2025-35050 CWE-306

Essential information

Published: 09/10/2025 21:15
Modified: 09/10/2025 21:15
Author: —
Creator: —
CVSS: 9.3 CRITICAL (v3) 9.3 CRITICAL (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Newforma Info Exchange (NIX) accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. The vulnerable endpoint is used by Newforma Project Center Server (NPCS), so a compromised NIX system can be used to attack an associated NPCS system. To mitigate this vulnerability, restrict network access to the '/remoteweb/remote.rem' endpoint, for example using the IIS URL Rewrite Module.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: 9119a7d8-5eab-497f-8521-727c672e3725
NVD: View on NVD

Affected products (CPE)

Product	CPE
newforma / info exchange	`cpe:2.3:a:newforma:info_exchange::::::::`
newforma / project center server	`cpe:2.3:a:newforma:project_center_server::::::::`