Platform
dotnet
Component
newforma-info-exchange
Fixed in
2024.3.1
CVE-2025-35050 is a critical insecure-deserialization vulnerability in Newforma Info Exchange (NIX) versions up to and including 2024.3. A remote, unauthenticated attacker can use it to execute arbitrary code on the NIX host, and a compromised NIX host can in turn be used against the Newforma Project Center Server (NPCS) systems it integrates with. The fix ships in version 2024.3.1.
The vulnerable component is the .NET Remoting endpoint at '/remoteweb/remote.rem' (the .rem extension is served by the .NET Remoting HTTP channel), which deserializes client-supplied .NET objects without restricting the types it accepts. Anyone who can reach the endpoint can submit a serialized object graph built from a known .NET gadget chain and obtain code execution in the context of the IIS worker process, which runs as 'NT AUTHORITY\NetworkService'. That account is not SYSTEM, but it is enough to read the application's data, run commands on the host and act with the machine's network identity. Because NIX exchanges data with NPCS, a compromised NIX host becomes a pivot towards the NPCS infrastructure, widening the blast radius. No authentication is required, so exposure is determined entirely by who can reach the endpoint over the network.
CVE-2025-35050 was publicly disclosed on 2025-10-09 with a CVSS base score of 9.8 (critical). No public proof-of-concept (PoC) had been released as of this writing, but .NET Remoting deserialization is a well-understood bug class with mature public gadget-chain tooling, so a working exploit should be expected rather than hoped against. The CVE is not currently listed on CISA KEV; treat that as a lagging indicator, not evidence of safety, given that exploitation needs no credentials.
Exploit Status
EPSS
0.35% (57th percentile)
The primary mitigation is to upgrade Newforma Info Exchange to version 2024.3.1 or later. If you cannot upgrade immediately, restrict network access to the '/remoteweb/remote.rem' endpoint, for example with an IIS URL Rewrite rule that aborts requests from any source other than the NPCS hosts that legitimately call it; blocking the endpoint outright may break the NIX-to-NPCS integration, so allowlist rather than deny everything. A Web Application Firewall in front of IIS can add a second layer, but a WAF that inspects only for known payload signatures will not reliably catch a freshly built gadget chain, so do not rely on it alone. Review the IIS W3C logs for POST requests to the endpoint from unexpected sources, with unusually large request bodies, or that produce HTTP 500 responses (a failed deserialization attempt). After upgrading, confirm the installed version reports 2024.3.1 or later and that an unauthenticated request to the endpoint from a non-allowlisted host is refused; leave gadget-chain testing to a staging copy rather than firing deserialization payloads at a production server.
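The log review called for above, as an added example that is not part of the original advisory or of Newforma's tooling: it parses IIS W3C log lines for traffic to the remoting endpoint and flags requests from hosts outside an assumed NPCS allowlist, oversized request bodies and server errors. The log excerpt, the allowlist address and the 16 KB body threshold are constructed for illustration; a real log lives under `%SystemDrive%\inetpub\logs\LogFiles\W3SVC<id>\` and must include the `cs-bytes` field for the size check to work.

```powershell
# Added example (not Newforma's code): hunt IIS W3C logs for suspicious use of
# the .NET Remoting endpoint /remoteweb/remote.rem. Allowlist, threshold and
# sample lines are assumptions for illustration.

$allowedPeers = @('10.0.0.5')   # assumption: NPCS server(s) expected to call remote.rem

# Constructed log excerpt. In real IIS logs spaces inside User-Agent are written as '+'.
$sampleLog = @'
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status cs-bytes time-taken
2025-10-10 09:14:02 192.0.2.10 POST /remoteweb/remote.rem - 443 - 10.0.0.5 - 200 0 0 1432 15
2025-10-10 09:14:07 192.0.2.10 GET /remoteweb/default.aspx - 443 - 198.51.100.7 Mozilla/5.0 200 0 0 512 3
2025-10-10 09:15:31 192.0.2.10 POST /remoteweb/remote.rem - 443 - 198.51.100.7 python-requests/2.32 500 0 0 48213 220
2025-10-10 09:15:32 192.0.2.10 POST /remoteweb/remote.rem - 443 - 198.51.100.7 python-requests/2.32 200 0 0 48190 1810
'@

function Find-RemotingAbuse {
    param(
        [string[]]$Lines,
        [string[]]$AllowedPeers,
        [int]$LargeBodyBytes = 16KB   # legitimate remoting calls are small; a gadget chain is not
    )
    $fields = $null
    foreach ($line in $Lines) {
        # The #Fields: header defines the column order; IIS may change it between files.
        if ($line -like '#Fields:*') {
            $fields = ($line -replace '^#Fields:\s*', '') -split '\s+'
            continue
        }
        if ($line.StartsWith('#') -or -not $fields -or -not $line.Trim()) { continue }

        $values = $line -split '\s+'
        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }

        # Only the remoting endpoint is of interest here.
        if ($row['cs-uri-stem'] -notmatch '(?i)^/remoteweb/remote\.rem$') { continue }

        $reasons = @()
        if ($AllowedPeers -notcontains $row['c-ip'])   { $reasons += 'source not an allowlisted NPCS host' }
        if ([int]$row['cs-bytes'] -gt $LargeBodyBytes) { $reasons += "large request body ($($row['cs-bytes']) bytes)" }
        if ($row['sc-status'] -eq '500')               { $reasons += 'HTTP 500 (possible failed deserialization)' }

        if ($reasons) {
            [pscustomobject]@{
                Time    = "$($row['date']) $($row['time'])"
                Source  = $row['c-ip']
                Agent   = $row['cs(User-Agent)']
                Status  = $row['sc-status']
                Reasons = $reasons -join '; '
            }
        }
    }
}

# Run over the constructed excerpt; point -Lines at Get-Content of a real log file instead.
Find-RemotingAbuse -Lines ($sampleLog -split "`r?`n") -AllowedPeers $allowedPeers | Format-Table -AutoSize
```

On the constructed excerpt the first POST (from the allowlisted 10.0.0.5, 1432 bytes, 200) is silent and the two POSTs from 198.51.100.7 are reported: the first for source, size and the 500, the second for source and size. A 500 followed immediately by a 200 of the same size from the same client is the pattern of an attacker tuning a gadget chain until it deserializes cleanly, and is worth an incident ticket rather than a note.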
As a temporary workaround, restrict network access to the '/remoteweb/remote.rem' endpoint. The IIS URL Rewrite Module can do this with a rule that matches the path and aborts the request unless the client address is one of the NPCS hosts that must still reach the endpoint. Refer to Newforma and Microsoft documentation for the supported way to configure the module in your deployment.
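The URL Rewrite restriction described above, as an added example that is neither Newforma's guidance nor Microsoft's sample code: it uses the IIS WebAdministration cmdlets to create a rule on the site that aborts any request for /remoteweb/remote.rem unless it comes from an allowlisted address. The site name 'Default Web Site', the NPCS address 10.0.0.5 and the rule name are assumptions; the script requires the URL Rewrite Module to be installed and must run in an elevated PowerShell session on the NIX host.

```powershell
# Added example (not Newforma's or Microsoft's code): CVE-2025-35050 workaround.
# Creates an IIS URL Rewrite rule that drops requests to the .NET Remoting
# endpoint from any client that is not an allowlisted NPCS host.
# Assumptions: NIX is hosted in 'Default Web Site'; NPCS is 10.0.0.5.
Import-Module WebAdministration

$site      = 'Default Web Site'
$allowed   = @('10.0.0.5')
$ruleName  = 'CVE-2025-35050 restrict remote.rem'
$psPath    = "MACHINE/WEBROOT/APPHOST/$site"
$rulesPath = 'system.webServer/rewrite/rules'
$rulePath  = "$rulesPath/rule[@name='$ruleName']"

# Remove any earlier copy so re-running the script does not duplicate the rule.
Clear-WebConfiguration -PSPath $psPath -Filter $rulePath -ErrorAction SilentlyContinue

# 1. The rule; stopProcessing so a later rule cannot re-allow the request.
Add-WebConfigurationProperty -PSPath $psPath -Filter $rulesPath -Name '.' `
    -Value @{ name = $ruleName; patternSyntax = 'ECMAScript'; stopProcessing = 'True' }

# 2. Match the endpoint. URL Rewrite matches the path without its leading slash.
Set-WebConfigurationProperty -PSPath $psPath -Filter "$rulePath/match" -Name 'url' -Value '^remoteweb/remote\.rem$'
Set-WebConfigurationProperty -PSPath $psPath -Filter "$rulePath/match" -Name 'ignoreCase' -Value 'True'

# 3. One negated REMOTE_ADDR condition per allowlisted host. With MatchAll the
#    rule fires only when the client is none of the allowed addresses.
Set-WebConfigurationProperty -PSPath $psPath -Filter "$rulePath/conditions" -Name 'logicalGrouping' -Value 'MatchAll'
foreach ($ip in $allowed) {
    Add-WebConfigurationProperty -PSPath $psPath -Filter "$rulePath/conditions" -Name '.' `
        -Value @{ input = '{REMOTE_ADDR}'; pattern = ('^' + [regex]::Escape($ip) + '$'); negate = 'True' }
}

# 4. Abort the connection instead of redirecting, so nothing is returned to the caller.
Set-WebConfigurationProperty -PSPath $psPath -Filter "$rulePath/action" -Name 'type' -Value 'AbortRequest'

# Show what was written (this is the same data IIS stores in the site's web.config).
Get-WebConfiguration -PSPath $psPath -Filter $rulePath | Format-List name, stopProcessing
```

Matching on REMOTE_ADDR is only meaningful if clients connect to IIS directly; behind a reverse proxy every request would carry the proxy's address, and the condition would have to be built on a trusted forwarded-for header instead. To check the rule, run `Invoke-WebRequest -Uri 'https://nix.example.internal/remoteweb/remote.rem' -Method Post` (hostname assumed) from a host outside the allowlist: the connection should be closed without a response, while the same request from the NPCS host still reaches the application. Remove the rule after upgrading to 2024.3.1 only if Newforma's guidance says the endpoint may again be reachable from untrusted networks.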
CVE-2025-35050 is a critical unauthenticated remote code execution vulnerability in Newforma Info Exchange versions ≤2024.3, reached through the .NET Remoting endpoint '/remoteweb/remote.rem', with a compromised NIX host usable as a pivot to associated NPCS systems.
You are affected if you run any Newforma Info Exchange version prior to 2024.3.1. Check the installed version now and establish from which networks the '/remoteweb/remote.rem' endpoint is reachable.
Upgrade to Newforma Info Exchange version 2024.3.1 or later. As a temporary workaround, restrict access to the '/remoteweb/remote.rem' endpoint with an IIS URL Rewrite rule that allows only the NPCS hosts that need it.
No active exploitation has been publicly confirmed, but the bug class is well understood and the endpoint needs no credentials, so the likelihood of exploitation is high.
Refer to the official Newforma security advisory for detailed information and mitigation steps: [https://www.newforma.com/security-advisory-cve-2025-35050](https://www.newforma.com/security-advisory-cve-2025-35050)