Unrated severityNVD Advisory· Published Oct 9, 2025· Updated Oct 10, 2025
Newforma Info Exchange (NIX) .NET unauthenticated deserialization
CVE-2025-35050
Description
Newforma Info Exchange (NIX) accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. The vulnerable endpoint is used by Newforma Project Center Server (NPCS), so a compromised NIX system can be used to attack an associated NPCS system. To mitigate this vulnerability, restrict network access to the '/remoteweb/remote.rem' endpoint, for example using the IIS URL Rewrite Module.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3(expand)+ 1 more
- (no CPE)
- (no CPE)range: *
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.