Newforma Project Center — known CVE vulnerabilities
Every CVE whose affected-product data names Newforma Project Center, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2025-35050 — CVSS 9.8 (critical): Newforma Info Exchange (NIX) accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated…
CVE-2025-35051 — CVSS 9.8 (critical): Newforma Project Center Server (NPCS) accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote…
CVE-2025-35055 — CVSS 8.8 (high): Newforma Info Exchange (NIX) '/UserWeb/Common/UploadBlueimp.ashx' allows an authenticated attacker to upload an arbitrary file to any…
CVE-2025-35053 — CVSS 6.4 (medium): Newforma Info Exchange (NIX) accepts requests to '/UserWeb/Common/MarkupServices.ashx' specifying the 'DownloadExportedPDF' command that…
CVE-2025-35061 — CVSS 5.9 (medium): Newforma Info Exchange (NIX) '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauthenticated attacker to cause NIX to make…
CVE-2025-35058 — CVSS 5.9 (medium): Newforma Info Exchange (NIX) '/UserWeb/Common/MarkupServices.ashx' allows a remote, unauthenticated attacker to cause NIX to make an SMB…
CVE-2025-35060 — CVSS 5.5 (medium): Newforma Info Exchange (NIX) provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files…
CVE-2025-35062 — CVSS 5.3 (medium): Newforma Info Exchange (NIX) before version 2023.1 by default allows anonymous authentication which allows an unauthenticated attacker to…
CVE-2025-35057 — CVSS 5.3 (medium): Newforma Info Exchange (NIX) '/RemoteWeb/IntegrationServices.ashx' allows a remote, unauthenticated attacker to cause NIX to make an SMB…
CVE-2025-35054 — CVSS 5.3 (medium): Newforma Info Exchange (NIX) stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\<version>\Credentials'. The…
CVE-2025-35052 — CVSS 5.3 (medium): Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths…
CVE-2025-35056 — CVSS 5.0 (medium): Newforma Info Exchange (NIX) '/UserWeb/Common/MarkupServices.ashx' 'StreamStampImage' accepts an encrypted file path and returns an image…
CVE-2024-32499 — CVSS 4.9 (medium): Newforma Project Center Server through 2023.3.0.32259 allows remote code execution because .NET Remoting is exposed.
CVE-2025-35059 — CVSS 4.3 (medium): Newforma Info Exchange (NIX) '/DownloadWeb/hyperlinkredirect.aspx' provides an unauthenticated URL redirect via the 'nhl' parameter.