CNNVD-202510-1250 Information
CNNVD ID
CNNVD-202510-1250
Related CVE
- CNNVD Published: 2025-10-09
Description (Chinese)
Newforma Project Center Server是Newforma公司的一个建筑、工程和施工(AEC)行业的项目信息管理解决方案,用于集中存储和管理项目文档和协作。 Newforma Project Center Server 2023.1之前版本存在安全漏洞,该漏洞源于匿名访问默认启用且对UserWeb/Common/MarkupServices.ashx中DownloadExportedPDF命令处理不当,可能导致任意文件读取和删除。
Description (English)
Newforma Project Center Server is a project information management solution for a Newforma construction, engineering and construction (AEC) industry for central storage and management of project files and collaboration. A security loophole existed in the pre-Newforma Project Center Server 2023.1 version, which resulted from the use of anonymous access by default and inappropriate handling of DownloadExported PDF orders in UserWeb/Common/MarkupServices.ashx, which could lead to the reading and deletion of random files.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Newforma
Published
2025-10-09
Last Modified
2026-02-24
References
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-282-01.json https://www.cve.org/CVERecord?id=CVE-2025-35053 https://www.cve.org/CVERecord?id=CVE-2025-35062
Patch
https://www.newforma.com/newforma-project-center/
Share on: