CVE-2025-35058
BaseFortify
Publication date: 2025-10-09
Last updated on: 2025-10-22
Assigner: Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| newforma | project_center | to 2023.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-294 | A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Newforma Info Exchange (NIX) allows a remote, unauthenticated attacker to trigger the system to make an SMB connection to an attacker-controlled server. Through this connection, the attacker can capture the NTLMv2 hash of the NIX service account configured by the customer.
How can this vulnerability impact me? :
The impact of this vulnerability is that an attacker can obtain the NTLMv2 hash of the NIX service account without authentication. This could potentially allow the attacker to perform further attacks such as credential replay or offline cracking to gain unauthorized access to the system or network resources associated with that account.