Home

Description

Newforma Info Exchange (NIX) '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the user-configured NIX service account.

PUBLISHED Reserved 2025-04-15 | Published 2025-10-09 | Updated 2025-10-10 | Assigner cisa-cg




HIGH: 8.2CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
MEDIUM: 5.9CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-294 Authentication Bypass by Capture-replay

Product status

Default status
unknown

Any version before 2023.2
affected

2023.2
unaffected

Credits

Shadron Gudmunson,Luke Rindels,Robert McCain,Asjha Stus,Adam Merrill,Ryan Kao,Brian Healy, Sandia National Laboratories Adversarial Modeling and Penetration Testing (AMPT)

References

raw.githubusercontent.com/...IT/white/2025/va-25-282-01.json (url)

www.cve.org/CVERecord?id=CVE-2025-35061 (url)

cve.org (CVE-2025-35061)

nvd.nist.gov (CVE-2025-35061)

Download JSON