CVE-2025-35051 is a critical vulnerability in Newforma Project Center Server (NPCS) that arises from unsafe deserialization of untrusted .NET serialized data sent to the '/ProjectCenter.rem' endpoint, which listens on TCP port 9003. This vulnerability is classified under CWE-502 (Deserialization of Untrusted Data) and CWE-306 (Missing Authentication for Critical Function). The flaw allows a remote attacker to send specially crafted serialized data to the NPCS server without any authentication, leading to arbitrary code execution with the privileges of the 'NT AUTHORITY\NetworkService' account. Given the high privileges of this account, successful exploitation can lead to full system compromise, including data theft, system manipulation, or disruption of services. The CVSS v3.1 score of 9.8 reflects the critical nature of this vulnerability, with an attack vector over the network, no required privileges, and no user interaction needed. The vulnerability affects all versions of Newforma Project Center, including the 2024.3 release. According to vendor architecture recommendations, the vulnerable endpoint should only be accessible on internal networks, which implies that external exposure significantly increases risk. No patches or public exploits are currently available, but the vulnerability's nature suggests it could be weaponized quickly once exploited in the wild. This vulnerability is particularly concerning for organizations relying on NPCS for project management in sectors like construction and engineering, where sensitive project data and operational continuity are critical.

The impact of CVE-2025-35051 on European organizations could be severe. Exploitation allows unauthenticated remote attackers to execute arbitrary code on NPCS servers with 'NetworkService' privileges, potentially leading to full system compromise. Confidentiality is at risk as attackers could access sensitive project data, intellectual property, and client information managed by Newforma Project Center. Integrity could be compromised through unauthorized modification or deletion of project files and configurations, disrupting workflows and causing financial and reputational damage. Availability is also threatened, as attackers could disable the service or use the compromised server as a foothold for lateral movement within the internal network. European organizations in architecture, engineering, and construction sectors, which commonly use Newforma Project Center, may face operational disruptions and regulatory compliance issues, especially under GDPR if personal data is exposed. The internal network exposure requirement somewhat limits the attack surface, but insider threats or inadequate network segmentation could facilitate exploitation. The absence of known exploits currently provides a window for proactive mitigation, but the critical severity demands urgent attention.

1. Immediately restrict network access to the NPCS server, ensuring that the '/ProjectCenter.rem' endpoint on TCP port 9003 is accessible only from trusted internal hosts and management consoles. 2. Implement strict network segmentation and firewall rules to isolate the NPCS server from general user networks and untrusted devices. 3. Monitor internal network traffic for unusual or unauthorized connections to port 9003, employing intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics for anomalous serialized .NET data. 4. Enforce least privilege principles on the NPCS server and related infrastructure to limit the impact of potential compromise. 5. Regularly audit and review access logs and system events on NPCS servers to detect early signs of exploitation attempts. 6. Engage with Newforma for updates on patches or security advisories and plan for immediate deployment once available. 7. Consider deploying application-layer gateways or proxies that can validate or block suspicious serialized data payloads if feasible. 8. Educate internal IT and security teams about the vulnerability and the importance of internal network security hygiene to prevent lateral movement. 9. As a longer-term measure, evaluate alternative project management solutions with stronger security postures if patching is delayed.