CVE-2025-35050: CWE-502 Deserialization of Untrusted Data in Newforma Project Center
CVE-2025-35050 is a critical remote code execution vulnerability in Newforma Project Center's Info Exchange (NIX) component. It arises from unsafe deserialization of untrusted .NET data sent to the '/remoteweb/remote.rem' endpoint, which is accessible without authentication. Exploiting this flaw allows attackers to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges, potentially compromising both NIX and associated Project Center Server systems. The vulnerability affects all versions including 2024.3 and has a CVSS 4.0 score of 9.3, indicating high severity. No public exploits are known yet, but the attack surface is significant due to network accessibility and lack of authentication.
AI Analysis
Technical Summary
CVE-2025-35050 is a critical vulnerability classified under CWE-502 (Deserialization of Untrusted Data) and CWE-306 (Missing Authentication for Critical Function). It affects Newforma Project Center's Info Exchange (NIX) component, which accepts serialized .NET objects via the '/remoteweb/remote.rem' HTTP endpoint. This endpoint does not require authentication and processes incoming serialized data insecurely, allowing a remote attacker to craft malicious serialized payloads that, when deserialized by the server, lead to arbitrary code execution. The code runs with 'NT AUTHORITY\NetworkService' privileges, a powerful local service account, enabling attackers to execute system-level commands, install malware, or pivot to other internal systems. The vulnerability also threatens the associated Project Center Server (NPCS) because a compromised NIX system can be leveraged to attack NPCS. The vulnerability affects all versions including 2024.3, and was published on October 9, 2025. The CVSS 4.0 score of 9.3 reflects its critical nature, with attack vector being network-based, no authentication or user interaction required, and high impact on confidentiality, integrity, and availability. Although no known exploits are publicly reported yet, the ease of exploitation and severity warrant immediate mitigation. Recommended mitigation includes restricting access to the vulnerable endpoint, for example by using IIS URL Rewrite Module to limit network exposure, and monitoring for suspicious activity. Vendors should prioritize releasing patches or updates to fix the unsafe deserialization logic.
Potential Impact
For European organizations, this vulnerability poses a severe risk due to the potential for remote, unauthenticated attackers to gain code execution on critical project management infrastructure. Given that Newforma Project Center is widely used in architecture, engineering, and construction industries, which are significant sectors in Europe, exploitation could lead to unauthorized access to sensitive project data, intellectual property theft, disruption of project workflows, and lateral movement within corporate networks. The elevated privileges ('NT AUTHORITY\NetworkService') allow attackers to execute system-level commands, potentially leading to full system compromise, data destruction, or ransomware deployment. Additionally, the ability to pivot from NIX to the Project Center Server increases the attack surface and potential damage. The impact extends to operational continuity, regulatory compliance (e.g., GDPR), and reputational damage. Organizations relying on Newforma products without proper network segmentation or endpoint access controls are particularly vulnerable. The lack of authentication on the vulnerable endpoint exacerbates the risk, making exploitation feasible from any network location with access.
Mitigation Recommendations
1. Immediately restrict network access to the '/remoteweb/remote.rem' endpoint by implementing access control rules at the web server level, such as using the IIS URL Rewrite Module to block or limit requests to trusted IP addresses only.
2. Employ network segmentation to isolate Newforma Project Center servers from untrusted networks, including the internet and less secure internal segments.
3. Monitor network traffic and server logs for unusual or unexpected serialized .NET payloads targeting the vulnerable endpoint.
4. Engage with Newforma for any available patches or updates addressing this vulnerability and apply them promptly once released.
5. Implement application-layer firewalls or web application firewalls (WAFs) with custom rules to detect and block malicious deserialization attempts.
6. Conduct internal audits of all systems interacting with NIX and NPCS to identify potential lateral movement paths and strengthen endpoint security.
7. Educate IT and security teams about this vulnerability to ensure rapid detection and response to any exploitation attempts.
8. Consider temporarily disabling or limiting the use of Info Exchange features if feasible until a patch is applied.
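For recommendations 1 and 3, the following added example (not part of the original advisory or any Newforma tooling) scans IIS W3C logs for requests to '/remoteweb/remote.rem' from sources outside the trusted ranges and reports the status code IIS returned. It assumes W3C logging with the `c-ip`, `cs-uri-stem` and `sc-status` fields enabled; the `TRUSTED` networks and the sample log lines are constructed placeholders.

```python
import ipaddress

ENDPOINT = "/remoteweb/remote.rem"   # path named in the advisory
# Assumption: the networks allowed through your IIS restriction (placeholders).
TRUSTED = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.0.2.10/32")]

def iter_requests(lines):
    """Yield one dict per IIS W3C log entry, honouring each #Fields header."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # field order can change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):     # skip truncated entries
                yield dict(zip(fields, values))

def is_trusted(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False                           # unparseable address: untrusted
    return any(ip in net for net in TRUSTED)

def untrusted_hits(lines):
    """Requests to the endpoint from outside TRUSTED, with the status returned."""
    hits = []
    for r in iter_requests(lines):
        stem = r.get("cs-uri-stem", "").lower()   # IIS paths are case-insensitive
        # Also match extra path info appended after ".rem".
        if stem == ENDPOINT or stem.startswith(ENDPOINT + "/"):
            if not is_trusted(r.get("c-ip", "")):
                hits.append((r.get("date"), r.get("time"), r.get("c-ip"),
                             r.get("cs-method"), r.get("sc-status")))
    return hits

# Constructed sample log (not real traffic).
SAMPLE = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status
2025-10-10 08:01:12 10.20.0.5 POST /remoteweb/remote.rem - 443 - 10.20.0.17 200
2025-10-10 08:03:40 10.20.0.5 POST /RemoteWeb/Remote.rem - 443 - 203.0.113.45 200
2025-10-10 08:04:02 10.20.0.5 GET /default.aspx - 443 - 203.0.113.45 200
2025-10-10 09:15:27 10.20.0.5 POST /remoteweb/remote.rem - 443 - 198.51.100.7 403
""".splitlines()

if __name__ == "__main__":
    for hit in untrusted_hits(SAMPLE):
        print(hit)
```

A 200 status on a hit means the request reached the endpoint and the access restriction is not in effect for that source; if your block rule answers with 403, hits with that status show it working.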
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: cisa-cg
- Date Reserved: 2025-04-15T20:56:24.405Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 68e81d26ba0e608b4fac941c
Added to database: 10/9/2025, 8:37:58 PM
Last enriched: 10/17/2025, 5:17:20 AM
Last updated: 12/4/2025, 6:20:17 PM