Unrated severityNVD Advisory· Published Oct 9, 2025· Updated Oct 15, 2025
Newforma Info Exchange (NIX) shared hard-coded secret key
CVE-2025-35052
Description
Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the 'qs' parameter used in '/DownloadWeb/download.aspx'. This key is shared across NIX installations. NIX 2023.3 and 2024.1 limit the use of hard-coded keys.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <= 2024.1
- Range: *
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.