
CVE-2025-35053: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Newforma Project Center

Severity: Medium
Tags: Vulnerability, CVE-2025-35053, CWE-22, CWE-73
Published: Thu Oct 09 2025 (10/09/2025, 20:20:18 UTC)
Source: CVE Database V5
Vendor/Project: Newforma
Product: Project Center

Description

Newforma Info Exchange (NIX) accepts requests to '/UserWeb/Common/MarkupServices.ashx' specifying the 'DownloadExportedPDF' command that allow an authenticated user to read and delete arbitrary files with 'NT AUTHORITY\NetworkService' privileges. In Newforma before 2023.1, anonymous access is enabled by default (CVE-2025-35062), allowing an otherwise unauthenticated attacker to effectively authenticate as 'anonymous' and exploit this file upload vulnerability.

AI-Powered Analysis

AI analysis last updated: 10/09/2025, 20:55:22 UTC

Technical Analysis

CVE-2025-35053 is a path traversal vulnerability identified in Newforma Project Center, a project information management software widely used in construction and engineering industries. The flaw resides in the endpoint '/UserWeb/Common/MarkupServices.ashx' when processing the 'DownloadExportedPDF' command. Authenticated users can exploit this vulnerability to read and delete arbitrary files on the server with the privileges of the 'NT AUTHORITY\NetworkService' account, which is a highly privileged local service account on Windows systems. This can lead to unauthorized disclosure of sensitive files and potential disruption of service by deleting critical files. Furthermore, versions of Newforma prior to 2023.1 have anonymous access enabled by default (CVE-2025-35062), which allows unauthenticated attackers to gain anonymous access and exploit this vulnerability without credentials. The vulnerability is classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and CWE-73 (External Control of File Name or Path). The CVSS v3.1 base score is 6.4, indicating medium severity, with an attack vector over the network, low attack complexity, privileges required (authenticated user or anonymous if default settings are unchanged), no user interaction, and a scope change due to the ability to affect resources beyond the vulnerable component. No public exploits have been reported yet, but the potential for sensitive data exposure and service disruption is significant. The vulnerability affects all versions up to and including 2024.3, with no patch links currently available, emphasizing the need for immediate mitigation and monitoring.
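The root cause described above is CWE-22/CWE-73: a client-supplied file name reaches the file system without being confined to the export directory. The following is an added illustration, not code from Newforma or from this advisory, of the containment check a handler such as DownloadExportedPDF should apply before reading or deleting a file; the export directory location is an assumption, and the check covers both separators, repeated URL encoding, absolute and UNC paths, drive-relative names and alternate data streams.

```python
from pathlib import PureWindowsPath
from urllib.parse import unquote

# Assumed export directory; the real location used by the product is not stated on the page.
EXPORT_ROOT = PureWindowsPath(r"C:\NewformaData\Exports")


def resolve_export_path(user_value: str):
    """Map a client-supplied file name to a path inside EXPORT_ROOT, or return None.

    Rejects anything that would let the caller name a file outside the export
    directory: parent-directory segments, absolute or UNC paths, drive-relative
    names, alternate data streams, NUL bytes and non-PDF names. The value
    arrives in a query string, so repeated percent-encoding is peeled first.
    """
    decoded = user_value
    for _ in range(3):                      # ..%255C -> ..%5C -> ..\
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    if "\x00" in decoded:
        return None
    p = PureWindowsPath(decoded.replace("/", "\\"))
    if p.drive or p.root:                   # C:\..., \\server\share\..., \..., C:foo
        return None
    if any(part == ".." or ":" in part for part in p.parts):
        return None                         # traversal segment or NTFS stream (file::$DATA)
    if p.suffix.lower() != ".pdf":
        return None                         # only exported PDFs are legitimate targets
    candidate = EXPORT_ROOT / p
    # On a live server, resolve symlinks/junctions (os.path.realpath) before this
    # final containment check so a planted link cannot redirect the access.
    return candidate if candidate.is_relative_to(EXPORT_ROOT) else None
```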

Potential Impact

For European organizations, especially those in construction, engineering, and project management sectors that rely on Newforma Project Center, this vulnerability poses a risk of unauthorized file access and deletion. The exposure of sensitive project documentation, contracts, and proprietary data could lead to confidentiality breaches, regulatory non-compliance (e.g., GDPR), and reputational damage. Deletion of critical files could disrupt project workflows and cause operational downtime. The fact that the vulnerability can be exploited remotely over the network with low complexity and no user interaction increases the risk of automated or targeted attacks. Organizations that have not disabled anonymous access are particularly vulnerable to unauthenticated exploitation, expanding the attack surface. The impact on availability and confidentiality could affect large-scale infrastructure projects and government contracts, which are prevalent in countries with advanced construction sectors. Additionally, the use of the 'NT AUTHORITY\NetworkService' account privileges means attackers could potentially escalate their access or move laterally within the network, increasing the threat to overall enterprise security.

Mitigation Recommendations

1. Immediately disable anonymous access in Newforma Project Center if running versions prior to 2023.1 to prevent unauthenticated exploitation.
2. Restrict access to the '/UserWeb/Common/MarkupServices.ashx' endpoint using network segmentation, firewalls, or web application firewalls (WAF) to limit exposure.
3. Implement strict file system permissions to ensure that the 'NetworkService' account has minimal necessary privileges and cannot access or delete sensitive files outside designated directories.
4. Monitor logs for unusual file access or deletion activities, especially requests to the vulnerable endpoint and commands like 'DownloadExportedPDF'.
5. Apply the principle of least privilege to all service accounts and review service account permissions regularly.
6. Engage with Newforma support or vendor channels to obtain patches or updates as soon as they become available.
7. Conduct internal penetration testing and vulnerability scanning focused on path traversal and file access vulnerabilities.
8. Educate administrators and users about the risks of default configurations and the importance of secure deployment practices.
9. Consider deploying endpoint detection and response (EDR) solutions to detect suspicious activities related to file manipulation.
10. Maintain an incident response plan tailored to potential data breaches or service disruptions stemming from this vulnerability.
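One way to act on recommendation 4, added here as an example and not taken from the advisory or the vendor: scan IIS W3C log lines for requests to the MarkupServices.ashx endpoint that carry the DownloadExportedPDF command, and escalate when a query value decodes to a traversal or absolute path or the request was made anonymously. The log excerpt is constructed, and the query parameter names 'command' and 'file' are assumptions (the detector inspects every query value, so it does not depend on them).

```python
import re
from urllib.parse import parse_qs, unquote

ENDPOINT = "/userweb/common/markupservices.ashx"
COMMAND = "downloadexportedpdf"
# '..\' or '../' anywhere, or a value that starts as a drive, UNC or rooted path.
TRAVERSAL = re.compile(r"\.\.[\\/]|^[A-Za-z]:|^\\\\|^[\\/]")

# Constructed IIS W3C log excerpt (not real traffic); the 'command'/'file' names are assumed.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2025-10-09 20:20:18 10.0.0.5 GET /UserWeb/Common/MarkupServices.ashx command=DownloadExportedPDF&file=report.pdf 443 jsmith 10.0.0.20 Mozilla/5.0 200
2025-10-09 20:21:03 10.0.0.5 GET /UserWeb/Common/MarkupServices.ashx command=DownloadExportedPDF&file=..%5C..%5Cweb.config 443 - 203.0.113.7 curl/8.0 200
2025-10-09 20:22:10 10.0.0.5 GET /UserWeb/Default.aspx - 443 jsmith 10.0.0.20 Mozilla/5.0 200
"""


def analyse(fields, line):
    """Return a finding for a DownloadExportedPDF request, else None."""
    rec = dict(zip(fields, line.split(" ")))
    if rec.get("cs-uri-stem", "").lower() != ENDPOINT:
        return None
    query = rec.get("cs-uri-query", "-")
    if COMMAND not in query.lower():
        return None
    reasons = ["DownloadExportedPDF request"]
    for values in parse_qs(query).values():
        for v in values:
            deep = unquote(unquote(v))      # parse_qs decoded once; peel two more layers
            if TRAVERSAL.search(deep):
                reasons.append(f"traversal-like value: {v}")
    if rec.get("cs-username", "-") == "-":  # anonymous session (see CVE-2025-35062)
        reasons.append("anonymous user")
    return {"time": f"{rec['date']} {rec['time']}", "client": rec["c-ip"],
            "user": rec["cs-username"], "reasons": reasons}


def scan(log_text):
    """Walk a W3C log; the #Fields header defines the column order."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            hit = analyse(fields, line)
            if hit:
                findings.append(hit)
    return findings
```

Every hit on the endpoint is reported so baseline usage can be reviewed; entries that also carry a traversal-like value or an anonymous user are the ones to treat as incidents.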


Technical Details

Data Version
5.1
Assigner Short Name
cisa-cg
Date Reserved
2025-04-15T20:56:24.406Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68e81d26ba0e608b4fac942b

Added to database: 10/9/2025, 8:37:58 PM

Last enriched: 10/9/2025, 8:55:22 PM

Last updated: 10/11/2025, 9:23:15 AM

