CVE-2025-35054: CWE-922 Insecure Storage of Sensitive Information in Newforma Project Center
Newforma Info Exchange (NIX) stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\<version>\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If these are Active Directory credentials, an attacker may be able to gain access to additional systems and resources.
AI Analysis
Technical Summary
CVE-2025-35054 is a vulnerability classified under CWE-922 (Insecure Storage of Sensitive Information) affecting Newforma Project Center, project information management software widely used in the architecture, engineering, and construction sectors. The vulnerability arises because Newforma Info Exchange (NIX) stores the credentials used to configure the Newforma Project Center Server (NPCS) in the Windows registry path 'HKLM\Software\WOW6432Node\Newforma\<version>\Credentials'. The credentials are encrypted, but the encryption key is stored in the same registry location, which nullifies the protection the encryption was meant to provide: any authenticated user on the local machine can read the registry keys, extract both the encrypted credentials and the key, and decrypt the stored credentials.

If these credentials correspond to Active Directory accounts, an attacker could use them to move laterally within the enterprise network and access additional systems and sensitive resources. Exploitation requires local authenticated access but no user interaction, so any user with standard privileges on the host can exploit it. The CVSS v3.1 score is 5.3, reflecting medium severity with low attack complexity and limited privileges required. No public exploits or patches were known at the time of publication, which increases the urgency for organizations to implement compensating controls.

The vulnerability also relates to CWE-522 (Insufficiently Protected Credentials) and CWE-257 (Storing Passwords in a Recoverable Format), reflecting weak credential management practices within the product. It therefore poses a risk of credential compromise, privilege escalation, and lateral movement within affected environments.
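The following PowerShell script is an added illustration, not Newforma's code and not a reproduction of the product's actual storage format. It writes a constructed sample credential into two demo registry keys under HKCU:\Software\CredStoreDemo (a path invented for this example): first in the pattern the advisory describes, where the AES key and IV sit beside the ciphertext, and then as a DPAPI blob protected in CurrentUser scope, where the key material stays with the operating system and is bound to the account that wrote it. It assumes Windows PowerShell 5.1, where the System.Security assembly provides ProtectedData.

```powershell
# Added example (not Newforma's code): the storage pattern the advisory describes, next to a
# DPAPI-based pattern. Paths under HKCU:\Software\CredStoreDemo are constructed for the demo.
# Assumes Windows PowerShell 5.1 (System.Security provides System.Security.Cryptography.ProtectedData).
Add-Type -AssemblyName System.Security

$Secret = [Text.Encoding]::UTF8.GetBytes('Demo-Svc-Password-1')   # constructed sample credential
$Weak   = 'HKCU:\Software\CredStoreDemo\Weak'
$Strong = 'HKCU:\Software\CredStoreDemo\Strong'
New-Item -Path $Weak, $Strong -Force | Out-Null

# --- Pattern 1: ciphertext stored next to its key (what CWE-922 / CWE-257 describe) ---
$aes    = [System.Security.Cryptography.Aes]::Create()        # Key and IV are generated on first use
$cipher = $aes.CreateEncryptor().TransformFinalBlock($Secret, 0, $Secret.Length)
Set-ItemProperty -Path $Weak -Name Password -Value ([Convert]::ToBase64String($cipher))
Set-ItemProperty -Path $Weak -Name Key      -Value ([Convert]::ToBase64String($aes.Key))
Set-ItemProperty -Path $Weak -Name IV       -Value ([Convert]::ToBase64String($aes.IV))
# Every input to the decryption now lives in one key. Whoever can read $Weak can recover the
# secret; the cipher adds no protection beyond the registry ACL, which is the advisory's finding.

# --- Pattern 2: DPAPI in CurrentUser scope; the key never appears in the registry ---
$blob = [System.Security.Cryptography.ProtectedData]::Protect(
    $Secret, $null, [System.Security.Cryptography.DataProtectionScope]::CurrentUser)
Set-ItemProperty -Path $Strong -Name Password -Value ([Convert]::ToBase64String($blob))
# Only the Windows account that called Protect (for a service: its service account) can Unprotect
# the blob. A different local user who reads the value gets opaque bytes, and Unprotect throws a
# CryptographicException for them. LocalMachine scope would NOT give this property: any local
# account could unprotect it, which is the same exposure the advisory describes.

function Test-DpapiRoundTrip {
    # Reads the DPAPI blob back and unprotects it; succeeds only under the account that wrote it.
    param([string]$Path)
    $stored = [Convert]::FromBase64String((Get-ItemProperty -Path $Path).Password)
    $plain  = [System.Security.Cryptography.ProtectedData]::Unprotect(
        $stored, $null, [System.Security.Cryptography.DataProtectionScope]::CurrentUser)
    return [Text.Encoding]::UTF8.GetString($plain)
}

Test-DpapiRoundTrip -Path $Strong      # same account: returns 'Demo-Svc-Password-1'

# Remove the demo keys when finished.
Remove-Item -Path 'HKCU:\Software\CredStoreDemo' -Recurse -Force
```

For an unattended service the DPAPI CurrentUser pattern requires the service account to have a loadable user profile so its master keys exist; where that is impractical, Windows Credential Manager or an external secrets vault (mitigation 9 below) gives the same separation between the ciphertext and the material needed to recover it. In either case the registry key should additionally be ACL-restricted to the service account and administrators rather than inheriting the default read access granted to BUILTIN\Users.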
Potential Impact
For European organizations, this vulnerability could lead to unauthorized access to sensitive project management systems and potentially broader Active Directory environments if compromised credentials are reused or have elevated privileges. The confidentiality of stored credentials is directly impacted, risking exposure of sensitive authentication data. Integrity and availability impacts are moderate since attackers could manipulate project data or disrupt services using compromised credentials. The vulnerability facilitates lateral movement within networks, increasing the attack surface and risk of further compromise. Organizations in sectors relying heavily on Newforma Project Center, such as construction, engineering, and architecture firms, may face operational disruptions and data breaches. Additionally, regulatory compliance risks arise under GDPR if personal or sensitive data is accessed or exfiltrated due to this vulnerability. The requirement for local authenticated access limits remote exploitation but insider threats or compromised user accounts could still exploit this flaw. The absence of known exploits reduces immediate risk but does not eliminate the potential for targeted attacks, especially in high-value environments.
Mitigation Recommendations
1. Restrict local access to systems running Newforma Project Center to trusted administrators only, minimizing the number of users with authenticated local access.
2. Implement strict access control policies and monitor registry access on affected systems to detect unauthorized attempts to read credential storage locations.
3. Employ endpoint detection and response (EDR) solutions to identify suspicious behavior indicative of credential harvesting or lateral movement.
4. Regularly audit and rotate credentials stored by Newforma Project Center, especially Active Directory accounts, to limit exposure duration.
5. Use least privilege principles for service accounts and avoid using high-privilege Active Directory accounts for NPCS configuration.
6. Isolate critical project management servers within segmented network zones to reduce the impact of credential compromise.
7. Monitor Active Directory for unusual authentication patterns that could indicate misuse of compromised credentials.
8. Engage with Newforma for updates or patches addressing this vulnerability and apply them promptly once available.
9. Consider additional encryption or vaulting solutions external to the registry for storing sensitive credentials if possible.
10. Educate local users about the risks of credential exposure and enforce strong endpoint security hygiene.
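Recommendations 1 and 2 above come down to two questions an administrator can answer on the host: which principals can currently read the credential key, and are reads of it being logged? The script below is an added example, not Newforma tooling, that answers both. It assumes the registry path exactly as the advisory gives it, takes the installed product version as a parameter (the '<version>' default is a placeholder to be replaced), and, with -EnableAudit in an elevated session, adds a SACL entry so that value reads produce Security event 4663 once the "Registry" object-access audit subcategory is turned on.

```powershell
<#
  Added example (not Newforma's own tooling). Lists broad principals that can read the
  credential key named in CVE-2025-35054 and optionally enables object-access auditing on it.
  Assumptions: path as given in the advisory; -Version is the installed version (placeholder);
  -EnableAudit needs an elevated session (SeSecurityPrivilege).
#>
param(
    [string]$Version = '<version>',   # placeholder: replace with the installed NPC version
    [switch]$EnableAudit
)

$KeyPath = "HKLM:\Software\WOW6432Node\Newforma\$Version\Credentials"

if (-not (Test-Path -Path $KeyPath)) {
    Write-Warning "Key not found: $KeyPath (check the -Version value)"
    return
}

# Principals that amount to 'any authenticated local user' on a Windows host.
$BroadPrincipals = @(
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE',
    'Everyone'
)
$QueryValues = [System.Security.AccessControl.RegistryRights]::QueryValues

# 1. Who can read values under the key? FullControl and ReadKey both include QueryValues,
#    so a bitwise test against QueryValues catches every read-capable ACE.
$acl = Get-Acl -Path $KeyPath
foreach ($ace in $acl.Access) {
    $canRead = ($ace.RegistryRights -band $QueryValues) -ne 0
    if ($ace.AccessControlType -eq 'Allow' -and $canRead -and
        $BroadPrincipals -contains $ace.IdentityReference.Value) {
        $inh = if ($ace.IsInherited) { ' (inherited from parent key)' } else { ''; }
        Write-Warning ("{0} can read values under {1}: {2}{3}" -f `
            $ace.IdentityReference, $KeyPath, $ace.RegistryRights, $inh)
    }
}

# 2. Optionally audit reads. Successful and failed QueryValues by anyone are recorded as
#    Security event 4663 once the subcategory is enabled:
#      auditpol /set /subcategory:"Registry" /success:enable /failure:enable
if ($EnableAudit) {
    $sacl = Get-Acl -Path $KeyPath -Audit
    $rule = New-Object System.Security.AccessControl.RegistryAuditRule(
        'Everyone',
        $QueryValues,
        [System.Security.AccessControl.InheritanceFlags]::None,
        [System.Security.AccessControl.PropagationFlags]::None,
        ([System.Security.AccessControl.AuditFlags]::Success -bor
         [System.Security.AccessControl.AuditFlags]::Failure))
    $sacl.AddAuditRule($rule)
    Set-Acl -Path $KeyPath -AclObject $sacl
    Write-Output "Audit rule added on $KeyPath; reads will log as event 4663."
}
```

On a default installation the warning will usually report BUILTIN\Users with an inherited ACE, because HKLM\SOFTWARE grants Users read access and subkeys inherit it; that inherited read is exactly what lets any authenticated user reach the stored key. Breaking inheritance on the Credentials key and limiting Allow entries to Administrators, SYSTEM and the NPCS service account reduces the exposure until a vendor fix is available, and the 4663 events give the EDR or SIEM a concrete signal for recommendation 3: any read of that key by an interactive user account rather than the service account is worth an alert.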
Affected Countries
Germany, United Kingdom, France, Italy, Spain, Netherlands, Belgium, Sweden, Switzerland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: cisa-cg
- Date Reserved: 2025-04-15T20:56:24.406Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68e81d26ba0e608b4fac9430
Added to database: 10/9/2025, 8:37:58 PM
Last enriched: 10/9/2025, 8:55:09 PM
Last updated: 10/11/2025, 9:23:08 AM