Newforma Info Exchange (NIX) accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. The vulnerable endpoint is used by Newforma Project Center Server (NPCS), so a compromised NIX system can be used to attack an associated NPCS system. To mitigate this vulnerability, restrict network access to the '/remoteweb/remote.rem' endpoint, for example using the IIS URL Rewrite Module.
Metrics
Affected Vendors & Products
References
History
Fri, 10 Oct 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 10 Oct 2025 11:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Newforma
Newforma project Center Server |
|
Vendors & Products |
Newforma
Newforma project Center Server |
Thu, 09 Oct 2025 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Newforma Info Exchange (NIX) accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. The vulnerable endpoint is used by Newforma Project Center Server (NPCS), so a compromised NIX system can be used to attack an associated NPCS system. To mitigate this vulnerability, restrict network access to the '/remoteweb/remote.rem' endpoint, for example using the IIS URL Rewrite Module. | |
Title | Newforma Info Exchange (NIX) .NET unauthenticated deserialization | |
Weaknesses | CWE-306 CWE-502 |
|
References |
|
|
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: cisa-cg
Published: 2025-10-09T20:19:12.867Z
Updated: 2025-10-10T19:38:21.311Z
Reserved: 2025-04-15T20:56:24.405Z
Link: CVE-2025-35050

Updated: 2025-10-10T19:38:16.935Z

Status : Received
Published: 2025-10-09T21:15:35.707
Modified: 2025-10-09T21:15:35.707
Link: CVE-2025-35050

No data.