CVE-2025-35054

Newforma Info Exchange (NIX) stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\<version>\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If these are Active Directory credentials, an attacker may be able to gain access to additional systems and resources.
Configurations

Configuration 1 (hide)

cpe:2.3:a:newforma:project_center:*:*:*:*:*:*:*:*

History

22 Oct 2025, 15:18

Type Values Removed Values Added
References () https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-282-01.json - () https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-282-01.json - Third Party Advisory
References () https://www.cve.org/CVERecord?id=CVE-2025-35054 - () https://www.cve.org/CVERecord?id=CVE-2025-35054 - Third Party Advisory
First Time Newforma
Newforma project Center
CPE cpe:2.3:a:newforma:project_center:*:*:*:*:*:*:*:*

09 Oct 2025, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-10-09 21:15

Updated : 2025-10-22 15:18


NVD link : CVE-2025-35054

Mitre link : CVE-2025-35054

CVE.ORG link : CVE-2025-35054


JSON object : View

Products Affected

newforma

  • project_center
CWE
CWE-257

Storing Passwords in a Recoverable Format

CWE-522

Insufficiently Protected Credentials

CWE-922

Insecure Storage of Sensitive Information