Newforma Project Center Server (NPCS) .NET unauthenticated deserialization
Summary
| CVE | CVE-2025-35051 |
|---|---|
| State | PUBLISHED |
| Assigner | cisa-cg |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2025-10-09 21:15:35 UTC |
| Updated | 2026-04-26 19:04:18 UTC |
| Description | Newforma Project Center Server (NPCS) accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. According to the recommended architecture, the vulnerable NPCS endpoint is only accessible on an internal network. To mitigate this vulnerability, restrict network access to NPCS. |
Risk And Classification
Primary CVSS: v4.0 9.2 CRITICAL from 9119a7d8-5eab-497f-8521-727c672e3725
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.002900000 probability, percentile 0.523910000 (date 2026-04-26)
Problem Types: CWE-502 Deserialization of Untrusted Data | CWE-306 Missing Authentication for Critical Function
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | 9119a7d8-5eab-497f-8521-727c672e3725 | Secondary | 9.2 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/C... |
| 4.0 | CNA | DECLARED | 7.7 | HIGH | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/MAV:A |
| 3.1 | 9119a7d8-5eab-497f-8521-727c672e3725 | Secondary | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | CNA | DECLARED | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Newforma | Project Center | 2024.3 | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Newforma | Project Center | affected * | Not specified |
| CNA | Newforma | Project Center | affected 2024.3 | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| projectcenter.help.newforma.com/overviews/info_exchange_overview | 9119a7d8-5eab-497f-8521-727c672e3725 | projectcenter.help.newforma.com | Product |
| www.cve.org/CVERecord | 9119a7d8-5eab-497f-8521-727c672e3725 | www.cve.org | Third Party Advisory, US Government Resource |
| raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-282-01.json | 9119a7d8-5eab-497f-8521-727c672e3725 | raw.githubusercontent.com | Third Party Advisory |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Shadron Gudmunson, Luke Rindels, Robert McCain, Asjha Stus, Adam Merrill, Ryan Kao, Brian Healy, Sandia National Laboratories Adversarial Modeling and Penetration Testing (AMPT)