Newforma Info Exchange (NIX) '/UserWeb/Common/MarkupServices.ashx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the customer-configured NIX service account.
Metrics
Affected Vendors & Products
References
History
Fri, 10 Oct 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 10 Oct 2025 11:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Newforma
Newforma project Center Server |
|
Vendors & Products |
Newforma
Newforma project Center Server |
Thu, 09 Oct 2025 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Newforma Info Exchange (NIX) '/UserWeb/Common/MarkupServices.ashx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the customer-configured NIX service account. | |
Title | Newforma Info Exchange (NIX) forced NTLMv2 authentication via /UserWeb/Common/MarkupServices.ashx | |
Weaknesses | CWE-294 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: cisa-cg
Published: 2025-10-09T20:21:43.176Z
Updated: 2025-10-10T19:32:49.847Z
Reserved: 2025-04-15T20:56:24.406Z
Link: CVE-2025-35058

Updated: 2025-10-10T19:32:45.969Z

Status : Received
Published: 2025-10-09T21:15:36.983
Modified: 2025-10-09T21:15:36.983
Link: CVE-2025-35058

No data.