CVE-2025-35050
Published: 09 October 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-35050 is a critical vulnerability in Newforma Info Exchange (NIX), where the '/remoteweb/remote.rem' endpoint accepts serialized .NET data, enabling remote code execution. This flaw affects NIX deployments, particularly those integrated with Newforma Project Center Server (NPCS), as the endpoint is utilized by NPCS. Assigned a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), it is linked to CWE-306 (Missing Authentication for Critical Function) and CWE-502 (Deserialization of Untrusted Data).
A remote, unauthenticated attacker can exploit this vulnerability by sending malicious serialized .NET payloads to the exposed endpoint, resulting in arbitrary code execution under 'NT AUTHORITY\NetworkService' privileges on the NIX system. Once compromised, the attacker can leverage the NIX system to target an associated NPCS instance, potentially expanding the scope of the compromise within the environment.
Advisories recommend mitigating the vulnerability by restricting network access to the '/remoteweb/remote.rem' endpoint, such as through the IIS URL Rewrite Module. No patches are explicitly mentioned in the available details.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows unauthenticated remote code execution via a public-facing web endpoint accepting untrusted .NET deserialization payloads, directly mapping to exploitation of public-facing applications.