Platform
dotnet
Component
newforma-info-exchange
Fixed in
2024.3.1
CVE-2025-35050 describes a critical Insecure Deserialization vulnerability affecting Newforma Info Exchange (NIX) versions up to and including 2024.3. This flaw allows a remote, unauthenticated attacker to execute arbitrary code on the system. Exploitation can also impact associated Newforma Project Center Server (NPCS) systems. A patch is available in version 2024.3.1.
The vulnerability lies in the '/remoteweb/remote.rem' endpoint, which accepts serialized .NET data without proper validation. An attacker can craft malicious serialized data to trigger arbitrary code execution. This code will run with the privileges of the 'NT AUTHORITY\NetworkService' account, granting significant control over the affected system. Crucially, because NIX systems often interact with NPCS systems, a successful compromise of NIX could be leveraged to attack the NPCS infrastructure, expanding the potential blast radius. This vulnerability is particularly concerning due to its unauthenticated nature, meaning no prior authentication is required to exploit it.
CVE-2025-35050 was publicly disclosed on 2025-10-09. The vulnerability's critical CVSS score (9.8) indicates a high potential for exploitation. While no proof-of-concept (PoC) code has been publicly released as of this writing, the ease of exploiting insecure deserialization vulnerabilities suggests that a PoC is likely to emerge. It is not currently listed on CISA KEV, but its severity warrants close monitoring. The lack of authentication required for exploitation significantly increases the risk.
Organizations utilizing Newforma Info Exchange, particularly those with direct internet exposure to their NIX servers, are at significant risk. Environments with legacy configurations or those lacking robust network segmentation are especially vulnerable. Shared hosting environments where multiple tenants share the same NIX instance also face increased risk, as a compromise of one tenant could potentially impact others.
• windows / dotnet:
Get-Process -Name NewformaInfoExchange | Select-Object -ExpandProperty Path
• windows / dotnet: Check the registry for suspicious deserialization-related entries under HKEY_LOCAL_MACHINE\SOFTWARE\Newforma\InfoExchange.
• windows / dotnet: Monitor Windows Defender for alerts related to process creation or network connections involving NewformaInfoExchange.exe.
• generic web: Use curl to attempt accessing /remoteweb/remote.rem and observe the response. A successful request without authentication is indicative of the vulnerability.
curl -v http://<target_ip>/remoteweb/remote.rem
Exploit Status
EPSS
0.35% (57th percentile)
The primary mitigation is to upgrade to Newforma Info Exchange version 2024.3.1 or later, which contains the fix for this vulnerability. If immediate upgrading is not possible, restrict network access to the '/remoteweb/remote.rem' endpoint. This can be achieved using the IIS URL Rewrite Module to block access to the endpoint. Monitor system logs for any unusual activity related to the endpoint. Consider implementing a Web Application Firewall (WAF) to filter malicious requests targeting the endpoint. After upgrading, confirm the vulnerability is resolved by attempting to send a crafted serialized payload to the endpoint and verifying that it is rejected.
Restrict network access to the '/remoteweb/remote.rem' endpoint. You can use the IIS URL Rewrite module to implement this restriction. Refer to the Newforma and Microsoft documentation for detailed instructions on configuring the IIS URL Rewrite module.
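One way to act on the advice to monitor logs for activity on the endpoint, as an added example that is not Newforma's or this page's own code: a Python pass over IIS W3C logs that lists which clients requested /remoteweb/remote.rem. The log lines are constructed, and the `trusted` allowlist is a hypothetical parameter for client addresses you expect to reach the endpoint.

```python
from collections import defaultdict

ENDPOINT = "/remoteweb/remote.rem"  # path named in the advisory

# Constructed IIS W3C log sample (documentation-range addresses, made-up paths).
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-bytes cs-bytes
2025-10-10 08:01:12 10.0.0.5 GET /userweb/login.aspx - 443 - 198.51.100.7 Mozilla/5.0 200 5120 310
2025-10-10 08:02:40 10.0.0.5 POST /RemoteWeb/remote.rem - 443 - 203.0.113.9 - 200 412 18734
2025-10-10 08:02:44 10.0.0.5 POST /remoteweb/remote.rem - 443 - 203.0.113.9 - 500 1290 20110
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2025-10-10 09:15:03 POST /remoteweb/remote.rem 10.0.0.20 200
"""

def find_endpoint_hits(lines, endpoint=ENDPOINT):
    """Yield one dict per logged request to `endpoint`."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            # Column order can change mid-file; always use the latest header.
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed record
        record = dict(zip(fields, values))
        # IIS matches paths case-insensitively, so compare lowercased.
        if record.get("cs-uri-stem", "").lower() == endpoint.lower():
            yield record

def summarise(hits, trusted=()):
    """Group hits by client IP, skipping the hypothetical `trusted` allowlist."""
    clients = defaultdict(lambda: {"count": 0, "methods": set(), "statuses": set()})
    for hit in hits:
        ip = hit.get("c-ip", "unknown")
        if ip in trusted:
            continue
        clients[ip]["count"] += 1
        clients[ip]["methods"].add(hit.get("cs-method", "?"))
        clients[ip]["statuses"].add(hit.get("sc-status", "?"))
    return dict(clients)

if __name__ == "__main__":
    hits = find_endpoint_hits(SAMPLE_LOG.splitlines())
    for ip, info in summarise(hits, trusted={"10.0.0.20"}).items():
        print(ip, info["count"], sorted(info["methods"]), sorted(info["statuses"]))
```

Run it over logs from before and after the URL Rewrite block is deployed: requests that still show up afterwards with a status other than the block's response mean the rule is not matching.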
CVE-2025-35050 is a critical vulnerability allowing remote code execution in Newforma Info Exchange versions ≤2024.3 via the '/remoteweb/remote.rem' endpoint, potentially impacting associated NPCS systems.
You are affected if you are running Newforma Info Exchange versions prior to 2024.3.1. Assess your environment immediately to determine if you are vulnerable.
Upgrade to Newforma Info Exchange version 2024.3.1 or later. As a temporary workaround, restrict network access to the '/remoteweb/remote.rem' endpoint using IIS URL Rewrite.
While no active exploitation has been publicly confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of future exploitation.
Refer to the official Newforma security advisory for detailed information and mitigation steps: [https://www.newforma.com/security-advisory-cve-2025-35050](https://www.newforma.com/security-advisory-cve-2025-35050)