Vulnerability Description
Newforma Info Exchange (NIX) '/UserWeb/Common/MarkupServices.ashx' 'StreamStampImage' accepts an encrypted file path and returns an image of the specified file. An authenticated attacker can read arbitrary files subject to the privileges of NIX, typically 'NT AUTHORITY\NetworkService', and the ability of StreamStampImage to process the file. The encrypted file path can be generated using the shared, hard-coded secret key described in CVE-2025-35052. This vulnerability cannot be exploited as an 'anonymous' user as described in CVE-2025-35062.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Newforma | Project Center | < 2024.1 |
Related Weaknesses (CWE)
References
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-35056Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-35062Third Party Advisory
FAQ
What is CVE-2025-35056?
CVE-2025-35056 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Newforma Info Exchange (NIX) '/UserWeb/Common/MarkupServices.ashx' 'StreamStampImage' accepts an encrypted file path and returns an image of the specified file. An authenticated attacker can read arbi...
How severe is CVE-2025-35056?
CVE-2025-35056 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-35056?
Check the references section above for vendor advisories and patch information. Affected products include: Newforma Project Center.