CVE-2025-35054

EPSS 0.01%
Veröffentlicht 09.10.2025 20:20:40
Zuletzt bearbeitet 22.10.2025 15:18:27
Quelle 9119a7d8-5eab-497f-8521-727c67
CVE-Watchlists
Login
Unerledigt
Login

Newforma Info Exchange (NIX) stores credentials  used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\<version>\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If these are Active Directory credentials, an attacker may be able to gain access to additional systems and resources.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 3 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Newforma ≫ Project Center Version <= 2024.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.019

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	1.8	3.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
9119a7d8-5eab-497f-8521-727c672e3725	4.8	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
9119a7d8-5eab-497f-8521-727c672e3725	5.3	1.8	3.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-257 Storing Passwords in a Recoverable Format

The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

CWE-922 Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-282-01.json

Third Party Advisory

https://www.cve.org/CVERecord?id=CVE-2025-35054

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-35054

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-35054

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-35054

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-35054