How severe is CVE-2025-35054?

CVE-2025-35054 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2025-35054

Name: project_center
Author: newforma

5.3MEDIUM

Newforma Info Exchange (NIX) stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\<version>\Credentials'. The credentials are encrypted but the encryption key is stored in

公開日: 10/9/2025更新日: 10/22/2025

説明

Newforma Info Exchange (NIX) stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\<version>\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If these are Active Directory credentials, an attacker may be able to gain access to additional systems and resources.

AI分析AIによる分析

影響を受ける製品

newformaproject_center

参照

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-282-01.json
Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2025-35054
Third Party Advisory