Newforma Info Exchange (NIX) insufficiently protected credentials_CVE-2025-35054

5.3 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Description

Newforma Info Exchange (NIX) stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\<version>\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If these are Active Directory credentials, an attacker may be able to gain access to additional systems and resources.

Basic Information

ID CVE-2025-35054

Source cisa-cg

Published Oct 9, 2025 at 20:20

Affected Product

Vendor Newforma

Product Project Center

Version *

Affected Versions Newforma Project Center *
Newforma Project Center 2024.3

CWE Classification

CWE-922 CWE-522 CWE-257

References

{
    "lastseen": "",
    "description": "Newforma Info Exchange (NIX) stores credentials  used to configure NPCS in 'HKLM\\Software\\WOW6432Node\\Newforma\\<version>\\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If these are Active Directory credentials, an attacker may be able to gain access to additional systems and resources.",
    "published": "2025-10-09T20:20:40.025Z",
    "modified": "2025-10-09T20:20:40.025Z",
    "type": "cve",
    "title": "Newforma Info Exchange (NIX) insufficiently protected credentials",
    "source": "cisa-cg",
    "references": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-282-01.json\nhttps://www.cve.org/CVERecord?id=CVE-2025-35054",
    "id": "CVE-2025-35054",
    "bulletinFamily": "",
    "cwe": [
        "CWE-922",
        "CWE-522",
        "CWE-257"
    ],
    "cvelist": null,
    "sourceData": "Newforma Project Center *\nNewforma Project Center 2024.3",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Project Center",
    "version": "*",
    "vendor": "Newforma",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}