CVE-2025-35054 MEDIUM

CVE-2025-35054: Newforma Info Exchange (NIX) insufficiently protected credentials

Vendor Newforma
Product Project Center
Weakness CWE-922
Published October 9, 2025
Last update October 10, 2025

CVSS base score

5.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

Newforma Info Exchange (NIX) stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\<version>\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If these are Active Directory credentials, an attacker may be able to gain access to additional systems and resources.

Key dates

02Disclosure timeline

October 9, 2025 CVE published
October 10, 2025 Record updated