Newforma Project Center Server (NPCS) .NET unauthenticated deserialization_CVE-2025-35051

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Newforma Project Center Server (NPCS) accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. According to the recommended architecture, the vulnerable NPCS endpoint is only accessible on an internal network. To mitigate this vulnerability, restrict network access to NPCS.

Basic Information

ID CVE-2025-35051

Source cisa-cg

Published Oct 9, 2025 at 20:19

Affected Product

Vendor Newforma

Product Project Center

Version *

Affected Versions Newforma Project Center *
Newforma Project Center 2024.3

CWE Classification

CWE-502 CWE-306

References

{
    "lastseen": "",
    "description": "Newforma Project Center Server (NPCS) accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\\NetworkService' privileges. According to the recommended architecture, the vulnerable NPCS endpoint is only accessible on an internal network. To mitigate this vulnerability, restrict network access to NPCS.",
    "published": "2025-10-09T20:19:43.826Z",
    "modified": "2025-10-09T20:19:43.826Z",
    "type": "cve",
    "title": "Newforma Project Center Server (NPCS) .NET unauthenticated deserialization",
    "source": "cisa-cg",
    "references": "https://projectcenter.help.newforma.com/overviews/info_exchange_overview/\nhttps://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-282-01.json\nhttps://www.cve.org/CVERecord?id=CVE-2025-35051",
    "id": "CVE-2025-35051",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502",
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "Newforma Project Center *\nNewforma Project Center 2024.3",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Project Center",
    "version": "*",
    "vendor": "Newforma",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}