How severe is CVE-2025-35054?

CVE-2025-35054 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2025-35054

Name: project_center
Author: newforma

5.3MEDIUM

Newforma Info Exchange (NIX) stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\<version>\Credentials'. The credentials are encrypted but the encryption key is stored in

Publicado: 10/9/2025Actualizado: 10/22/2025

Descripción

Newforma Info Exchange (NIX) stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\<version>\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If these are Active Directory credentials, an attacker may be able to gain access to additional systems and resources.

Análisis IAImpulsado por IA

Productos Afectados

newformaproject_center

Referencias

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-282-01.json
Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2025-35054
Third Party Advisory