CVE-2025-35054

5.3 MEDIUM

📋 TL;DR

Newforma Info Exchange (NIX) stores encrypted credentials with their encryption key in the same Windows registry location, allowing authenticated users to decrypt and access sensitive credentials. If these are Active Directory credentials, attackers could move laterally to other systems. This affects organizations using Newforma Info Exchange with NPCS configuration.

💻 Affected Systems

Products:
  • Newforma Info Exchange (NIX)
Versions: All versions prior to patch
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations where NPCS (Newforma Project Center Server) credentials are configured and stored in the registry.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain domain administrator privileges through Active Directory credential theft, leading to full network compromise, data exfiltration, and ransomware deployment.

🟠 Likely Case

Authenticated attackers extract service account credentials to access additional systems and resources within the same network segment.

🟢 If Mitigated

Limited to credential exposure on the local system without lateral movement due to network segmentation and privileged access management.

🌐 Internet-Facing: LOW - Requires authenticated access to the Windows system where NIX is installed.
🏢 Internal Only: MEDIUM - Authenticated users on the same system can exploit this, but doing so requires local access or compromised credentials.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated Windows access to read registry keys and perform decryption operations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Newforma vendor advisory for specific version

Vendor Advisory: https://www.newforma.com/security-advisories/

Restart Required: No

Instructions:

1. Apply the latest Newforma Info Exchange update from vendor.
2. Verify registry permissions are properly restricted.
3. Rotate any exposed credentials.

🔧 Temporary Workarounds

Restrict Registry Permissions

Windows

Modify Windows registry permissions to prevent non-administrative users from accessing the credential storage location.

1. Open regedit.exe
2. Navigate to HKLM\Software\WOW6432Node\Newforma\<version>\Credentials
3. Right-click → Permissions → Remove non-admin users

🧯 If You Can't Patch

  • Implement strict access controls to limit who can log into NIX servers.
  • Monitor registry access attempts to the Newforma credential storage location.

🔍 How to Verify

Check if Vulnerable:

Check if registry key HKLM\Software\WOW6432Node\Newforma\<version>\Credentials exists and contains both encrypted data and encryption key values.

Check Version:

Check NIX application version through control panel or vendor documentation.

Verify Fix Applied:

Verify registry permissions restrict access to administrators only and check for updated NIX version.

📡 Detection & Monitoring

Log Indicators:

  • Windows Security event logs showing registry access to Newforma credential paths by non-admin users
  • Failed permission attempts to restricted registry keys

Network Indicators:

  • Unusual authentication attempts from NIX server to other systems using service accounts

SIEM Query:

EventID=4656 AND ObjectName LIKE '%Newforma%Credentials%' AND SubjectUserName NOT IN (admin_users)
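
The verification and monitoring checks above can be scripted. The following PowerShell is an added example, not vendor or original-page code: it finds each Credentials key under the Newforma registry path, lists principals other than Administrators and SYSTEM that hold read access, and reports whether the key has an audit entry. The allow-list of expected SIDs is an assumption; adjust it for your environment.

```powershell
# Added example: audit ACL and SACL on the Newforma credential key(s).
# Run from an elevated PowerShell session on the NIX server.
$base = 'HKLM:\SOFTWARE\WOW6432Node\Newforma'   # parent of <version>, per the path on this page
# Assumption: only BUILTIN\Administrators and SYSTEM should be able to read the key.
$expectedSids = @('S-1-5-32-544', 'S-1-5-18')

function Test-CanRead([System.Security.AccessControl.RegistryAccessRule]$Rule) {
    $r = [int]$Rule.RegistryRights
    # QueryValues (0x1), GENERIC_READ (0x80000000), GENERIC_ALL (0x10000000)
    return (($r -band 0x1) -ne 0) -or (($r -band 0x80000000) -ne 0) -or (($r -band 0x10000000) -ne 0)
}

if (-not (Test-Path $base)) { Write-Output 'No Newforma key under WOW6432Node.'; return }

foreach ($ver in Get-ChildItem -Path $base) {
    $credPath = Join-Path $ver.PSPath 'Credentials'
    if (-not (Test-Path $credPath)) { continue }

    $key = Get-Item -Path $credPath
    # Report value names only; never print the stored data.
    Write-Output "Key: $($key.Name)  values: $($key.GetValueNames() -join ', ')"

    foreach ($rule in (Get-Acl -Path $credPath).Access) {
        if ($rule.AccessControlType -ne 'Allow' -or -not (Test-CanRead $rule)) { continue }
        try {
            $sid = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $rule.IdentityReference.Value   # unresolvable account; show it as-is
        }
        if ($expectedSids -notcontains $sid) {
            Write-Output ('  READ ACCESS: {0} ({1}) inherited={2}' -f $rule.IdentityReference, $sid, $rule.IsInherited)
        }
    }

    # Event 4656 is logged only if the key has an audit (SACL) entry
    # and the "Audit Registry" object-access subcategory is enabled.
    try {
        $audit = (Get-Acl -Path $credPath -Audit -ErrorAction Stop).Audit
        if (-not $audit) { Write-Output '  No audit rules (SACL) set on this key.' }
    } catch {
        Write-Output '  Could not read SACL; run elevated.'
    }
}
```

Any "READ ACCESS" line for a non-administrative principal means the workaround has not been applied to that key; a missing SACL means the SIEM query above will never match.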
