File Disclosure Vulnerability in Newforma Info Exchange by Newforma
CVE-2025-35056

5.3MEDIUM

Key Information:

Vendor

Newforma

Status
Project Center
Vendor
CVE Published:
9 October 2025

What is CVE-2025-35056?

The vulnerability in Newforma Info Exchange (NIX) involves the '/UserWeb/Common/MarkupServices.ashx' endpoint, where the 'StreamStampImage' function can process an encrypted file path. An authenticated attacker utilizing the hard-coded secret key from CVE-2025-35052 can exploit this flaw to gain unauthorized access to sensitive files, leveraging the privileges of the NIX service, typically those of NT AUTHORITY\NetworkService. This raises significant security concerns, particularly regarding the integrity and confidentiality of data processed by the platform. It is crucial for users to ensure their systems are updated to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Project Center 0 < 2024.1

Project Center 2024.1

References

https://www.cve.org/CVERecord?id=CVE-2025-35062
https://www.cve.org/CVERecord?id=CVE-2025-35056
https://raw.githubusercontent.com/cisagov/CSAF/develop/cs...

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Shadron Gudmunson,Luke Rindels,Robert McCain,Asjha Stus,Adam Merrill,Ryan Kao,Brian Healy, Sandia National Laboratories Adversarial Modeling and Penetration Testing (AMPT)
JSON
.