{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-35051","assignerOrgId":"9119a7d8-5eab-497f-8521-727c672e3725","state":"PUBLISHED","assignerShortName":"cisa-cg","dateReserved":"2025-04-15T20:56:24.405Z","datePublished":"2025-10-09T20:19:43.826Z","dateUpdated":"2025-10-10T19:37:30.156Z"},"containers":{"cna":{"descriptions":[{"lang":"en","value":"Newforma Project Center Server (NPCS) accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\\NetworkService' privileges. According to the recommended architecture, the vulnerable NPCS endpoint is only accessible on an internal network. To mitigate this vulnerability, restrict network access to NPCS."}],"affected":[{"vendor":"Newforma","product":"Project Center","defaultStatus":"unknown","versions":[{"version":"*","status":"affected"},{"version":"2024.3","status":"affected"}]}],"problemTypes":[{"descriptions":[{"description":"CWE-502 Deserialization of Untrusted Data","lang":"en","type":"CWE","cweId":"CWE-502"}]},{"descriptions":[{"description":"CWE-306 Missing Authentication for Critical Function","lang":"en","type":"CWE","cweId":"CWE-306"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":9.8,"attackVector":"NETWORK","baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"cvssV4_0":{"version":"4.0","baseScore":7.7,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/MAV:A","userInteraction":"NONE","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","subIntegrityImpact":"NONE","vulnIntegrityImpact":"HIGH","modifiedAttackVector":"ADJACENT","subAvailabilityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnConfidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-08-15T18:11:09.018573Z","id":"CVE-2025-35051","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"Newforma Project Center Server (NPCS) .NET unauthenticated deserialization","references":[{"name":"url","url":"https://projectcenter.help.newforma.com/overviews/info_exchange_overview/"},{"name":"url","url":"https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-282-01.json"},{"name":"url","url":"https://www.cve.org/CVERecord?id=CVE-2025-35051"}],"credits":[{"value":"Shadron Gudmunson,Luke Rindels,Robert McCain,Asjha Stus,Adam Merrill,Ryan Kao,Brian Healy, Sandia National Laboratories Adversarial Modeling and Penetration Testing (AMPT)","lang":"en"}],"datePublic":"2025-10-09T00:00:00.000Z","providerMetadata":{"orgId":"9119a7d8-5eab-497f-8521-727c672e3725","shortName":"cisa-cg","dateUpdated":"2025-10-09T20:19:43.826Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-10-10T19:37:16.907081Z","id":"CVE-2025-35051","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-10T19:37:30.156Z"}}]}}