CNNVD-202510-1252 Information

Oct 09, 2025 cve

CNNVD ID

CNNVD-202510-1252

CVE-2025-35051

  • CNNVD Published: 2025-10-09

Description (Chinese)

Newforma Project Center Server是Newforma公司的一个建筑、工程和施工(AEC)行业的项目信息管理解决方案,用于集中存储和管理项目文档和协作。 Newforma Project Center Server存在安全漏洞,该漏洞源于通过ProjectCenter.rem端点接受序列化.NET数据,可能导致远程未经验证的攻击者以NT AUTHORITYNetworkService权限执行任意代码。

Description (English)

Newforma Project Center Server is a project information management solution for a Newforma construction, engineering and construction (AEC) industry for central storage and management of project files and collaboration. Newforma Project Center Server has a security loophole, which stems from the acceptance of sequenced.NET data through ProjectCenter.rem endpoints, which may result in remote unverified assailants executing random codes under NT AUTHORITYNetworkService ’ s authority.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

Newforma

Published

2025-10-09

Last Modified

2026-02-24

References

https://projectcenter.help.newforma.com/overviews/info_exchange_overview/ https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-282-01.json https://www.cve.org/CVERecord?id=CVE-2025-35051

Patch

https://www.newforma.com/newforma-project-center/

Share on: