CVE-2025-35054

CVSS v3.1

5.3

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions Newforma Info Exchange (NIX) (affected versions not specified)

Description Newforma Info Exchange (NIX) stores credentials used to configure NPCS in the registry location 'HKLMSoftwareWOW6432NodeNewformaversionCredentials'. These credentials are encrypted, but the encryption key is also stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If these are Active Directory credentials, an attacker may be able to gain access to additional systems and resources.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insufficiently Protected Credentials

Insecure Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-257CWE-522CWE-922

Related Identifiers

CVE-2025-35054

Affected Products

Newforma Info Exchange

CVE-2025-35054

Weakness Enumeration

Related Identifiers

Affected Products

References · 5