2 matches found
CVE-2025-35058
Newforma Info Exchange (NIX) contains a vulnerable endpoint /UserWeb/Common/MarkupServices.ashx that can be triggered by a remote, unauthenticated attacker to force NIX to establish an SMB connection to an attacker‑controlled system, enabling the attacker to capture the NTLMv2 hash of the configu...
CVE-2025-35053 Newforma Info Exchange (NIX) arbitrary file read and delete
Newforma Info Exchange NIX accepts requests to '/UserWeb/Common/MarkupServices.ashx' specifying the 'DownloadExportedPDF' command that allow an authenticated user to read and delete arbitrary files with 'NT AUTHORITY\NetworkService' privileges. In Newforma before 2023.1, anonymous access is enabl...