CVE-2025-35051 | Newforma Project Center Server (NPCS) accepts serialized .NE… | CVSS 9.8 CRITICAL

Description

Newforma Project Center Server (NPCS) accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. According to the recommended architecture, the vulnerable NPCS endpoint is only accessible on an internal network. To mitigate this vulnerability, restrict network access to NPCS.

Metadata

CVE ID: CVE-2025-35051
State: PUBLISHED
Assigner: cisa-cg
Reserved: 2025-04-15 20:56 UTC
Published: 2025-10-09 20:19 UTC
Last updated: 2025-10-10 19:37 UTC
Primary CWE: CWE-502
CWE-502 Deserialization of Untrusted Data
Vendor / Product: Newforma / Project Center
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Newforma	Project Center	—	*, 2024.3

Weakness (CWE)

CWE	Source	Description
CWE-306	cna	CWE-306 Missing Authentication for Critical Function
CWE-502	cna	CWE-502 Deserialization of Untrusted Data

CVSS scores (2)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.7	HIGH	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/MAV:A

References (3)