CVE-2025-35055
📋 TL;DR
This vulnerability allows authenticated attackers to upload arbitrary files to any writable location in Newforma Info Exchange (NIX), potentially enabling web shell deployment and directory deletion. Combined with CVE-2025-35062 (anonymous access enabled by default), unauthenticated attackers can exploit this as 'anonymous' users. Affects NIX installations before version 2023.1.
💻 Affected Systems
- Newforma Info Exchange (NIX)
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise via web shell leading to data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Web shell installation allowing persistent access, data exfiltration, and potential privilege escalation.
If Mitigated
Limited impact if proper authentication controls and file upload restrictions are in place.
🎯 Exploit Status
Combination with CVE-2025-35062 allows unauthenticated exploitation. Simple HTTP POST requests to the vulnerable endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2023.1 or later
Vendor Advisory: https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-282-01.json
Restart Required: Yes
Instructions:
1. Upgrade to NIX version 2023.1 or later.
2. Apply all security patches from Newforma.
3. Restart the NIX application services.
🔧 Temporary Workarounds
Disable Anonymous Access
Disable anonymous user authentication in the NIX configuration to prevent unauthenticated exploitation.
Configure in NIX administration panel: Security Settings > Authentication > Disable Anonymous Access
Block Vulnerable Endpoint
Use a web application firewall or an IIS URL Rewrite rule to block access to '/UserWeb/Common/UploadBlueimp.ashx'.
IIS URL Rewrite rule (placed under <system.webServer><rewrite><rules> in the site's web.config; URL Rewrite matches the path without its leading slash and is case-insensitive by default):
    <rule name="BlockUploadBlueimp" stopProcessing="true">
      <match url="^UserWeb/Common/UploadBlueimp\.ashx" />
      <action type="AbortRequest" />
    </rule>
🧯 If You Can't Patch
- Implement strict network segmentation to isolate NIX servers from critical systems.
- Deploy web application firewall with file upload filtering and malicious content detection.
🔍 How to Verify
Check if Vulnerable:
Check the NIX version in the administration panel. If the version is below 2023.1, the system is vulnerable.
Check Version:
Check NIX web interface: Admin > System Information > Version
Verify Fix Applied:
Verify NIX version is 2023.1 or later. Test that anonymous access is disabled and the upload endpoint rejects unauthorized requests.
📡 Detection & Monitoring
Log Indicators:
- HTTP POST requests to '/UserWeb/Common/UploadBlueimp.ashx' with suspicious file extensions (.aspx, .php, .jsp)
- Unauthenticated access attempts to upload endpoints
- File creation in unexpected web directories
Network Indicators:
- Unusual outbound connections from NIX server
- HTTP requests with webshell payloads in POST data
SIEM Query:
source="iis" AND (url="*UploadBlueimp.ashx*" OR cs_uri_stem="/UserWeb/Common/UploadBlueimp.ashx") AND (cs_method="POST")
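The log indicators above, turned into a small offline detection over IIS W3C log lines. This is an added example, not part of the advisory or of Newforma's product; the log lines are constructed, and the "high"/"medium" severity split (anonymous versus named user) is an assumption.

```python
"""Flag POSTs to the NIX upload handler in IIS W3C extended log files."""
from dataclasses import dataclass

UPLOAD_ENDPOINT = "/userweb/common/uploadblueimp.ashx"  # compared case-insensitively
ANONYMOUS_USERS = {"-", "anonymous"}  # IIS logs "-" for an unauthenticated request


@dataclass
class Hit:
    time: str
    client_ip: str
    user: str
    status: str
    severity: str  # assumption: anonymous callers are the higher-priority case


def parse_w3c(lines):
    """Yield one dict per log record, keyed by the names in the latest '#Fields:' line."""
    fields = None
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is whatever the server was configured with
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        yield dict(zip(fields, line.split()))


def find_upload_hits(lines):
    """Return every POST to the vulnerable endpoint, rating anonymous requests as high."""
    hits = []
    for rec in parse_w3c(lines):
        if rec.get("cs-method") != "POST":
            continue
        if rec.get("cs-uri-stem", "").lower() != UPLOAD_ENDPOINT:
            continue
        user = rec.get("cs-username", "-")
        severity = "high" if user.lower() in ANONYMOUS_USERS else "medium"
        hits.append(Hit(f"{rec['date']} {rec['time']}", rec.get("c-ip", "?"),
                        user, rec.get("sc-status", "?"), severity))
    return hits


# Constructed sample log (not real traffic); the last record is an anonymous POST.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2025-10-09 10:00:01 10.0.0.5 GET /UserWeb/Default.aspx - 443 jsmith 10.0.0.21 Mozilla/5.0 200
2025-10-09 10:00:07 10.0.0.5 POST /UserWeb/Common/UploadBlueimp.ashx - 443 jsmith 10.0.0.21 Mozilla/5.0 200
2025-10-09 10:02:13 10.0.0.5 POST /userweb/common/UploadBlueimp.ashx - 443 - 203.0.113.7 python-requests/2.32 200
""".splitlines()

if __name__ == "__main__":
    for hit in find_upload_hits(SAMPLE_LOG):
        print(hit)
```

Feed it a real log with `find_upload_hits(open(path))`; any "high" hit on an unpatched server deserves a file-system check of the web directories for newly created .aspx/.php/.jsp files.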