CVE-2025-35050: CWE-502 Deserialization of Untrusted Data in Newforma Project Center
Newforma Info Exchange (NIX) accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. The vulnerable endpoint is used by Newforma Project Center Server (NPCS), so a compromised NIX system can be used to attack an associated NPCS system. To mitigate this vulnerability, restrict network access to the '/remoteweb/remote.rem' endpoint, for example using the IIS URL Rewrite Module.
AI Analysis
Technical Summary
CVE-2025-35050 is a critical vulnerability in Newforma Project Center, specifically its Newforma Info Exchange (NIX) component. NIX accepts serialized .NET data at the '/remoteweb/remote.rem' endpoint and deserializes it without authenticating the caller. The '.rem' extension is the conventional IIS handler mapping for .NET Remoting over HTTP, which points to a legacy transport whose server-side formatters (BinaryFormatter and SoapFormatter) reconstruct arbitrary object graphs from the request body; Microsoft documents both the transport and those formatters as unsafe for untrusted input. Deserialization vulnerabilities (CWE-502) arise when an application deserializes attacker-controlled data without restricting the types that may be instantiated, so a crafted payload can trigger code execution during deserialization itself, before any application-level validation runs. Because the endpoint is reachable without credentials, a remote, unauthenticated attacker obtains code execution as NT AUTHORITY\NetworkService, the account under which the NIX web application's worker process runs. NetworkService is a limited built-in service account rather than an administrative one, but it has whatever access the application itself has to its data and configuration and authenticates to other hosts as the computer account, and that is what makes the second stage possible: the same endpoint is used by Newforma Project Center Server (NPCS) to talk to NIX, so a compromised NIX host can be used to attack the associated NPCS system. Versions 2024.3 and earlier are reported as affected. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N) records a network attack vector, low attack complexity, no privileges or user interaction required, and high impact on the confidentiality, integrity and availability of the vulnerable system. No public exploit was known at the time of analysis, but .NET Remoting deserialization is a well-understood attack class with public payload-generation tooling, so the barrier to weaponisation is low. Until a vendor fix is available, the mitigation is to restrict network access to '/remoteweb/remote.rem', for example with an IIS URL Rewrite Module rule that admits only the NPCS host, and to monitor the endpoint for requests from any other source.
Potential Impact
For European organizations, the exposure is significant because Newforma Project Center is used to manage documents and correspondence for architecture, engineering and construction projects, and NIX in particular exists to exchange files with external project participants, which makes it likely to be reachable from outside the organization. Exploitation gives an attacker unauthenticated remote code execution on the NIX host, from which the associated NPCS system can be attacked; the result can be theft or alteration of confidential project data, intellectual property and client information, operational disruption of ongoing projects, and a foothold for lateral movement into the internal network. A breach of personal data held in these systems triggers GDPR notification duties and potential penalties, so the compliance impact comes on top of the reputational and financial one. Because no credentials or user interaction are needed, the only precondition is network reachability of the endpoint, which is why the CVSS 4.0 assessment rates the confidentiality, integrity and availability impact as high.
Mitigation Recommendations
1. Restrict network access to '/remoteweb/remote.rem' immediately: at the perimeter and host firewall, allow the endpoint only from the NPCS host(s) that legitimately call it. If NIX is exposed to the Internet, as is common for a file exchange server that serves external project participants, assume the endpoint is reachable by attackers until proven otherwise.
2. In IIS, add a URL Rewrite Module rule (or an equivalent request-filtering control) that aborts requests to the endpoint unless the client address is the NPCS host. If a reverse proxy fronts IIS, match on the forwarded client address rather than REMOTE_ADDR, and only if the proxy overwrites that header. Verify with a test request from a non-allowlisted address that the rule blocks the request instead of returning a .NET Remoting response.
3. Monitor IIS W3C logs for any request to '/remoteweb/remote.rem' from a source other than the NPCS host, and for POSTs with unexpected request sizes. IIS logs do not record request bodies, so body-level inspection requires a WAF, IPS or reverse proxy in front of the server.
4. Coordinate with Newforma for an official fix and apply it promptly once released; keep the access restriction in place afterwards as defence in depth.
5. Inventory every NIX and NPCS instance, including test and disaster-recovery systems, and confirm each has the restriction applied.
6. Where a WAF or IPS inspects the endpoint, block request bodies from non-NPCS sources that carry a .NET binary serialization stream. MS-NRBF streams begin with a SerializationHeaderRecord whose first byte is 0x00 and whose version fields are major 1, minor 0, which gives a simple signature for traffic that should never arrive from an untrusted client.
7. Brief IT and security teams on the vulnerability and the indicators above so that any hit on the endpoint from an unexpected source is handled as a potential compromise.
8. On the NIX host, use EDR to alert on child processes spawned by the IIS worker process (w3wp.exe) and on outbound connections from it to hosts other than NPCS. Deserialization payloads typically execute via a spawned process or a loaded assembly, so a command shell or PowerShell started by w3wp.exe running as NT AUTHORITY\NetworkService is a high-fidelity indicator of exploitation.
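The URL Rewrite rule from item 2 above, written out as an added example; this is not Newforma's or the advisory's own configuration. It assumes the rule is placed in the NIX site's web.config, that the IIS URL Rewrite Module is installed, that the NPCS host is 10.0.0.5 (a placeholder address to be replaced), and that IIS sees the real client address in REMOTE_ADDR, which is not the case behind a reverse proxy.

```xml
<!-- Added example, not vendor configuration: an IIS URL Rewrite Module rule
     that refuses requests to /remoteweb/remote.rem from every client except
     the NPCS host. 10.0.0.5 is a placeholder for the NPCS address. -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- stopProcessing: no later rule may re-route a request this one matched. -->
        <rule name="Restrict NIX remoting endpoint to NPCS" stopProcessing="true">
          <!-- URL Rewrite matches the path relative to the site root, without the
               leading slash. The optional trailing (/...) also catches path-info
               forms such as remoteweb/remote.rem/anything that the server may still
               dispatch to the same handler. ignoreCase defeats REMOTE.REM variants. -->
          <match url="^remoteweb/remote\.rem(/.*)?$" ignoreCase="true" />
          <conditions logicalGrouping="MatchAll">
            <!-- negate: the rule fires when the client is NOT the NPCS host.
                 Behind a reverse proxy REMOTE_ADDR is the proxy's address; switch
                 to {HTTP_X_FORWARDED_FOR} only if the proxy overwrites that header,
                 otherwise the allowlist becomes attacker-controlled. -->
            <add input="{REMOTE_ADDR}" pattern="^10\.0\.0\.5$" negate="true" />
          </conditions>
          <!-- AbortRequest drops the connection without a response body, so a
               scanner learns nothing about the handler. CustomResponse with
               statusCode="403" is the alternative when a loggable status is wanted. -->
          <action type="AbortRequest" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

After deploying the rule, send a request to the endpoint from a workstation that is not on the allowlist and confirm the connection is aborted, then confirm from the NPCS host that its normal traffic to NIX still succeeds. Add one condition line per additional NPCS address if more than one server calls the endpoint.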
Affected Countries
United Kingdom, Germany, France, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: cisa-cg
- Date Reserved: 2025-04-15T20:56:24.405Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 68e81d26ba0e608b4fac941c
Added to database: 10/9/2025, 8:37:58 PM
Last enriched: 10/9/2025, 8:53:48 PM
Last updated: 10/11/2025, 1:34:20 PM
Views: 107