CVE-2025-35051
Published: 09 October 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-35051 is a critical vulnerability in Newforma Project Center Server (NPCS) that arises from the acceptance of serialized .NET data via the '/ProjectCenter.rem' endpoint on TCP port 9003. This flaw, associated with CWE-306 (Missing Authentication for Critical Function) and CWE-502 (Deserialization of Untrusted Data), enables remote code execution. The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, low complexity, and lack of prerequisites.
A remote, unauthenticated attacker can exploit this vulnerability by sending malicious serialized .NET data to the affected endpoint, resulting in arbitrary code execution with 'NT AUTHORITY\NetworkService' privileges. According to the recommended architecture, the NPCS endpoint is intended to be accessible only on internal networks, but exploitation assumes network reachability as per the CVSS vector.
Advisories recommend mitigating the vulnerability by restricting network access to the NPCS server, ensuring the '/ProjectCenter.rem' endpoint on port 9003/tcp is not exposed externally. References include Newforma's documentation at https://projectcenter.help.newforma.com/overviews/info_exchange_overview/, a CISA CSAF advisory at https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-282-01.json, and the official CVE record at https://www.cve.org/CVERecord?id=CVE-2025-35051.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables unauthenticated remote code execution via exploitation of a public-facing .NET remoting endpoint, directly mapping to T1190: Exploit Public-Facing Application.