平台
dotnet
组件
newforma-project-center-server
修复版本
2024.3.1
CVE-2025-35051 describes a critical insecure deserialization vulnerability affecting Newforma Project Center Server (NPCS) versions up to 2024.3. This flaw allows a remote, unauthenticated attacker to execute arbitrary code on the server. The vulnerability resides in the '/ProjectCenter.rem' endpoint, which accepts serialized .NET data, and can be exploited to gain elevated privileges. Applying the update to version 2024.3.1 resolves this issue.
The impact of CVE-2025-35051 is severe due to the ease of exploitation and the potential for complete system compromise. An attacker can leverage this vulnerability to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges, effectively gaining control of the NPCS server. This could lead to data exfiltration, modification, or deletion, as well as the installation of malware or the use of the server as a launchpad for further attacks within the internal network. Given the recommended architecture of NPCS, this vulnerability is particularly concerning as the endpoint is often accessible on internal networks, increasing the attack surface. The ability to execute code with elevated privileges significantly expands the blast radius of a successful attack.
CVE-2025-35051 was publicly disclosed on 2025-10-09. The vulnerability's ease of exploitation and the potential for significant impact suggest a medium to high probability of exploitation. While no public proof-of-concept (POC) code has been released at the time of writing, the insecure deserialization pattern is well-understood and readily exploitable. It is advisable to monitor threat intelligence feeds for any indications of active exploitation campaigns. The vulnerability has not yet been added to the CISA KEV catalog.
Organizations utilizing Newforma Project Center Server, particularly those with internal networks where the '/ProjectCenter.rem' endpoint is accessible, are at significant risk. This includes construction firms, architectural firms, and engineering companies that rely on NPCS for project management and collaboration. Legacy configurations with default firewall rules or inadequate network segmentation are especially vulnerable.
• windows / supply-chain:
Get-Process -Name ProjectCenter | Select-Object -ExpandProperty Path• windows / supply-chain:
Get-ScheduledTask | Where-Object {$_.TaskName -like '*ProjectCenter*'}• windows / supply-chain:
Get-WinEvent -LogName Application -FilterXPath "*[System[Provider[@Name='Microsoft-Windows-PowerShell']]]" | Where-Object {$_.Message -like '*ProjectCenter*'}• generic web:
curl -I https://<NPCS_IP>:9003/ProjectCenter.remdisclosure
漏洞利用状态
EPSS
0.29% (52% 百分位)
CISA SSVC
CVSS 向量
The primary mitigation for CVE-2025-35051 is to immediately upgrade Newforma Project Center Server to version 2024.3.1 or later. If upgrading is not immediately feasible, restrict network access to the '/ProjectCenter.rem' endpoint (port 9003/tcp) to only trusted internal clients. This can be achieved through firewall rules or network segmentation. Consider implementing a Web Application Firewall (WAF) to filter malicious requests targeting the endpoint. Regularly review and harden the server's configuration, ensuring that only necessary services are running and that access controls are properly enforced. After upgrading, confirm the vulnerability is resolved by attempting a deserialization attack (if possible in a safe testing environment) and verifying that it is blocked.
Restrinja el acceso a la red al endpoint vulnerable de Newforma Project Center Server (NPCS). Consulte la documentación del producto para obtener instrucciones específicas sobre cómo configurar el acceso a la red y aplicar las configuraciones recomendadas.
漏洞分析和关键警报直接发送到您的邮箱。
CVE-2025-35051 is a critical vulnerability allowing remote code execution in Newforma Project Center Server versions ≤2024.3 via the '/ProjectCenter.rem' endpoint. An attacker can execute arbitrary code with elevated privileges.
If you are running Newforma Project Center Server versions prior to 2024.3.1, you are potentially affected. Assess your network configuration to determine if the vulnerable endpoint is exposed.
Upgrade to Newforma Project Center Server version 2024.3.1 or later. As a temporary workaround, restrict network access to the '/ProjectCenter.rem' endpoint.
While no active exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a potential for exploitation. Monitor threat intelligence feeds for updates.
Refer to the Newforma security advisory for detailed information and remediation steps: [https://www.newforma.com/security-advisory-cve-2025-35051](https://www.newforma.com/security-advisory-cve-2025-35051)
上传你的 packages.lock.json 文件,立即知道是否受影响。