How severe is CVE-2025-35054?

CVE-2025-35054 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2025-35054

Name: project_center
Author: newforma

5.3MEDIUM

Newforma Info Exchange (NIX) stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\<version>\Credentials'. The credentials are encrypted but the encryption key is stored in

Опубликовано: 10/9/2025Обновлено: 10/22/2025

Описание

Newforma Info Exchange (NIX) stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\<version>\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If these are Active Directory credentials, an attacker may be able to gain access to additional systems and resources.

ИИ-АнализНа базе ИИ

Затронутые продукты

newformaproject_center

Ссылки

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-282-01.json
Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2025-35054
Third Party Advisory