How severe is CVE-2025-35054?

CVE-2025-35054 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2025-35054

Name: project_center
Author: newforma

5.3MEDIUM

Newforma Info Exchange (NIX) stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\<version>\Credentials'. The credentials are encrypted but the encryption key is stored in

Published: 10/9/2025Updated: 10/22/2025

Description

Newforma Info Exchange (NIX) stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\<version>\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If these are Active Directory credentials, an attacker may be able to gain access to additional systems and resources.

AI AnalysisPowered by AI

Affected Products

newformaproject_center

References

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-282-01.json
Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2025-35054
Third Party Advisory