Newforma Info Exchange (NIX) '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the user-configured NIX service account.
Metrics
Affected Vendors & Products
References
History
Fri, 10 Oct 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 10 Oct 2025 11:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Newforma
Newforma project Center Server |
|
Vendors & Products |
Newforma
Newforma project Center Server |
Thu, 09 Oct 2025 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Newforma Info Exchange (NIX) '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the user-configured NIX service account. | |
Title | Newforma Info Exchange (NIX) forced NTLMv2 authentication via /NPCSRemoteWeb/LegacyIntegrationServices.asmx | |
Weaknesses | CWE-294 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: cisa-cg
Published: 2025-10-09T20:22:37.069Z
Updated: 2025-10-10T19:25:07.187Z
Reserved: 2025-04-15T20:56:24.406Z
Link: CVE-2025-35061

Updated: 2025-10-10T19:25:00.599Z

Status : Received
Published: 2025-10-09T21:15:37.460
Modified: 2025-10-09T21:15:37.460
Link: CVE-2025-35061

No data.