6.4
CVE-2025-35053
- EPSS 0.06%
- Veröffentlicht 09.10.2025 20:20:18
- Zuletzt bearbeitet 22.10.2025 16:09:44
- Quelle 9119a7d8-5eab-497f-8521-727c67
- CVE-Watchlists
- Unerledigt
LoginNewforma Info Exchange (NIX) accepts requests to '/UserWeb/Common/MarkupServices.ashx' specifying the 'DownloadExportedPDF' command that allow an authenticated user to read and delete arbitrary files with 'NT AUTHORITY\NetworkService' privileges. In Newforma before 2023.1, anonymous access is enabled by default (CVE-2025-35062), allowing an otherwise unauthenticated attacker to effectively authenticate as 'anonymous' and exploit this file upload vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Newforma ≫ Project Center Version <= 2024.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.2 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.4 | 3.1 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L
|
| 9119a7d8-5eab-497f-8521-727c672e3725 | 6.1 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:L/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| 9119a7d8-5eab-497f-8521-727c672e3725 | 6.4 | 3.1 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-73 External Control of File Name or Path
The product allows user input to control or influence paths or file names that are used in filesystem operations.