CNNVD-202510-1248 Information
CNNVD ID
CNNVD-202510-1248
Related CVE
- CNNVD Published: 2025-10-09
Description (Chinese)
Newforma Project Center Server是Newforma公司的一个建筑、工程和施工(AEC)行业的项目信息管理解决方案,用于集中存储和管理项目文档和协作。 Newforma Project Center Server 2023.1之前版本存在安全漏洞,该漏洞源于UserWeb/Common/UploadBlueimp.ashx允许经过身份验证的攻击者上传任意文件,可能导致上传和执行Web脚本或其他恶意内容。
Description (English)
Newforma Project Center Server is a project information management solution for a Newforma construction, engineering and construction (AEC) industry for central storage and management of project files and collaboration. A security loophole existed in the pre-Newforma project Center Server 2023.1, which originated from the UserWeb/Common/UploadBrueimp.ashx, which allowed an identified assailant to upload an arbitrary document, which could lead to the uploading and execution of Web scripts or other malicious content.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Newforma
Published
2025-10-09
Last Modified
2026-02-24
References
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-282-01.json https://www.cve.org/CVERecord?id=CVE-2025-35055 https://www.cve.org/CVERecord?id=CVE-2025-35062
Patch
https://www.newforma.com/newforma-project-center/
Share on: