
Description

Newforma Project Center Server (NPCS) accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. According to the recommended architecture, the vulnerable NPCS endpoint is only accessible on an internal network. To mitigate this vulnerability, restrict network access to NPCS.
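One way to apply the mitigation the description gives (restrict network access to NPCS) on the Windows host itself, as an added example that is not part of the CVE record and not vendor guidance: scope inbound 9003/tcp to an internal subnet with the Windows Firewall and disable any broader allow rule for that port. The subnet, the rule name, and the assumption that NPCS runs on a Windows Server with the NetSecurity module available are all assumptions of this example; only the port (9003/tcp) comes from the record.

```powershell
# Added example, not from the CVE record or from Newforma. Scope inbound access to
# the NPCS endpoint (9003/tcp, from the record) to an internal subnet.
# ASSUMPTIONS: Windows Server with the NetSecurity module; the subnet and rule name below.

$NpcsPort      = 9003
$AllowedSubnet = '10.0.0.0/8'                 # ASSUMPTION: replace with the subnet that legitimately reaches NPCS
$RuleName      = 'NPCS 9003 allow internal only'

# 1. Confirm the endpoint is actually listening on this host before touching rules.
$listener = Get-NetTCPConnection -LocalPort $NpcsPort -State Listen -ErrorAction SilentlyContinue
if (-not $listener) {
    Write-Warning "Nothing is listening on tcp/$NpcsPort on this host; NPCS may run elsewhere."
}

# 2. Windows evaluates Block rules before Allow rules, so do not add a broad Block rule for
#    the port (it would also defeat the scoped allow). Instead rely on the profile default
#    of blocking unsolicited inbound traffic and make the scoped allow the only way in.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block

# 3. Disable any existing inbound Allow rule that opens 9003/tcp more widely.
Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -eq $NpcsPort } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.DisplayName -ne $RuleName } |
    ForEach-Object {
        Write-Output "Disabling broader rule: $($_.DisplayName)"
        $_ | Disable-NetFirewallRule
    }

# 4. Create (or recreate) the scoped allow rule.
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue | Remove-NetFirewallRule
New-NetFirewallRule -DisplayName $RuleName `
    -Direction Inbound -Protocol TCP -LocalPort $NpcsPort `
    -RemoteAddress $AllowedSubnet -Action Allow -Profile Any | Out-Null

# 5. Verify: the rule exists, is enabled, and its remote-address filter is the intended subnet.
$rule = Get-NetFirewallRule -DisplayName $RuleName
$addr = $rule | Get-NetFirewallAddressFilter
Write-Output ("Rule '{0}' enabled={1} remote={2}" -f $rule.DisplayName, $rule.Enabled, $addr.RemoteAddress)
```

This host-level rule complements, and does not replace, network-layer ACLs at the perimeter; the record's point is that the endpoint should be unreachable from outside the internal network, so both the host firewall and the upstream segmentation should enforce that. Step 2 changes the profile-wide default inbound action, which is already the Windows default but is worth asserting explicitly on a server whose policy may have been relaxed.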

State: PUBLISHED | Reserved 2025-04-15 | Published 2025-10-09 | Updated 2025-10-10 | Assigner cisa-cg

CRITICAL: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
HIGH: 7.7 (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/MAV:A)

Problem types

CWE-502 Deserialization of Untrusted Data

CWE-306 Missing Authentication for Critical Function

Product status

Default status: unknown

Versions:
- * : affected
- 2024.3 : affected

Credits

Shadron Gudmunson, Luke Rindels, Robert McCain, Asjha Stus, Adam Merrill, Ryan Kao, Brian Healy, Sandia National Laboratories Adversarial Modeling and Penetration Testing (AMPT)

References

projectcenter.help.newforma.com/...s/info_exchange_overview/ (url)

raw.githubusercontent.com/...IT/white/2025/va-25-282-01.json (url)

www.cve.org/CVERecord?id=CVE-2025-35051 (url)

cve.org (CVE-2025-35051)

nvd.nist.gov (CVE-2025-35051)
