CNNVD-202510-1240 Information
CNNVD ID
CNNVD-202510-1240
Related CVE
- CNNVD Published: 2025-10-09
Description (Chinese)
Newforma Project Center Server是Newforma公司的一个建筑、工程和施工(AEC)行业的项目信息管理解决方案,用于集中存储和管理项目文档和协作。 Newforma Project Center Server 2023.1之前版本存在安全漏洞,该漏洞源于默认允许匿名身份验证,可能导致未经身份验证的攻击者能够利用需要身份验证的其他漏洞。
Description (English)
Newforma Project Center Server is a project information management solution for a Newforma construction, engineering and construction (AEC) industry for central storage and management of project files and collaboration. A security loophole existed in the pre-Newforma Project Center Server 2023.1, which resulted from the tacit authorization of anonymous identification, and could lead to the ability of an attacker without identification to take advantage of other loopholes requiring identification.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Newforma
Published
2025-10-09
Last Modified
2026-02-24
References
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-282-01.json https://www.cve.org/CVERecord?id=CVE-2025-35062
Patch
https://www.newforma.com/newforma-project-center/
Share on: