Home

Description

Newforma Info Exchange (NIX) '/UserWeb/Common/UploadBlueimp.ashx' allows an authenticated attacker to upload an arbitrary file to any location writable by the NIX application. An attacker can upload and run a web shell or other content executable by the web server. An attacker can also delete directories. In Newforma before 2023.1, anonymous access is enabled by default (CVE-2025-35062), allowing an otherwise unauthenticated attacker to effectively authenticate as 'anonymous' and exploit this file upload vulnerability.

PUBLISHED Reserved 2025-04-15 | Published 2025-10-09 | Updated 2025-10-10 | Assigner cisa-cg




HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-434 Unrestricted Upload of File with Dangerous Type

Product status

Default status
unknown

Any version before 2023.1
affected

2023.1
unaffected

Credits

Shadron Gudmunson,Luke Rindels,Robert McCain,Asjha Stus,Adam Merrill,Ryan Kao,Brian Healy, Sandia National Laboratories Adversarial Modeling and Penetration Testing (AMPT)

References

www.cve.org/CVERecord?id=CVE-2025-35062 (url)

www.cve.org/CVERecord?id=CVE-2025-35055 (url)

raw.githubusercontent.com/...IT/white/2025/va-25-282-01.json (url)

cve.org (CVE-2025-35055)

nvd.nist.gov (CVE-2025-35055)

Download JSON