Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-35054

Newforma Info Exchange (NIX) stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\<version>\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If these are Active Directory credentials, an attacker may be able to gain access to additional systems and resources.

Published

2025-10-09T21:15:36.357

Last Modified

2025-10-22T15:18:27.027

Status

Analyzed

Source

9119a7d8-5eab-497f-8521-727c672e3725

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-257
CWE-522
CWE-922

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	newforma	project_center	≤ 2024.3	Yes

References

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-282-01.json Third Party Advisory (9119a7d8-5eab-497f-8521-727c672e3725)
https://www.cve.org/CVERecord?id=CVE-2025-35054 Third Party Advisory (9119a7d8-5eab-497f-8521-727c672e3725)