Credential Exposure in Newforma Info Exchange from Newforma
CVE-2025-35054

4.8MEDIUM

Key Information:

Vendor: Newforma
Status: Project Center
Vendor: CVE Published:; 9 October 2025

What is CVE-2025-35054?

Newforma Info Exchange (NIX) is susceptible to a credential exposure issue where sensitive configuration credentials are stored in the registry. While the credentials are encrypted, the corresponding encryption key is also stored in the same location, allowing authenticated users to access both the credentials and the key. If the exposed credentials belong to Active Directory, malicious actors could leverage this information to gain unauthorized access to additional systems and resources, posing significant risks to organizational security.

Affected Version(s)

Project Center *

Project Center 2024.3

References

https://raw.githubusercontent.com/cisagov/CSAF/develop/cs...

https://www.cve.org/CVERecord?id=CVE-2025-35054

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 9, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Shadron Gudmunson,Luke Rindels,Robert McCain,Asjha Stus,Adam Merrill,Ryan Kao,Brian Healy, Sandia National Laboratories Adversarial Modeling and Penetration Testing (AMPT)

JSON