CVE-2025-35062 | THREATINT

Description

Newforma Info Exchange (NIX) before version 2023.1 by default allows anonymous authentication which allows an unauthenticated attacker to exploit additional vulnerabilities that require authentication.

PUBLISHED Reserved 2025-04-15 | Published 2025-10-09 | Updated 2025-10-10 | Assigner cisa-cg

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-276 Incorrect Default Permissions

Product status

Default status

unknown

Any version before 2023.1

affected

2023.1

unaffected

Credits

Shadron Gudmunson,Luke Rindels,Robert McCain,Asjha Stus,Adam Merrill,Ryan Kao,Brian Healy, Sandia National Laboratories Adversarial Modeling and Penetration Testing (AMPT)

References

raw.githubusercontent.com/...IT/white/2025/va-25-282-01.json (url)

www.cve.org/CVERecord?id=CVE-2025-35062 (url)

cve.org (CVE-2025-35062)

nvd.nist.gov (CVE-2025-35062)

Download JSON