How severe is CVE-2025-35054?

CVE-2025-35054 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2025-35054

Name: project_center
Author: newforma

5.3MEDIUM

Newforma Info Exchange (NIX) stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\<version>\Credentials'. The credentials are encrypted but the encryption key is stored in

Veröffentlicht: 10/9/2025Aktualisiert: 10/22/2025

Beschreibung

Newforma Info Exchange (NIX) stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\<version>\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If these are Active Directory credentials, an attacker may be able to gain access to additional systems and resources.

KI-AnalyseKI-gestützt

Betroffene Produkte

newformaproject_center

Referenzen

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-282-01.json
Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2025-35054
Third Party Advisory