PT-2025-41478 · Newforma · Newforma Info Exchange
Adam Merrill
+6
·
Published
2025-10-09
·
Updated
2025-10-22
·
CVE-2025-35062
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Newforma Info Exchange (NIX) versions prior to 2023.1
Description
Newforma Info Exchange (NIX) versions prior to 2023.1, by default, permit anonymous authentication. This allows an unauthenticated attacker to exploit further issues that typically require authentication.
Recommendations
Update to version 2023.1 or later.
Fix
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Newforma Info Exchange