
CVE-2025-35056: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Newforma Project Center

Severity: Medium
Type: Vulnerability
Tags: CVE-2025-35056, cve, cve-2025-35056, cwe-22
Published: Thu Oct 09 2025 (10/09/2025, 20:21:10 UTC)
Source: CVE Database V5
Vendor/Project: Newforma
Product: Project Center

Description

Newforma Info Exchange (NIX) '/UserWeb/Common/MarkupServices.ashx' 'StreamStampImage' accepts an encrypted file path and returns an image of the specified file. An authenticated attacker can read arbitrary files subject to the privileges of NIX, typically 'NT AUTHORITY\NetworkService', and the ability of StreamStampImage to process the file. The encrypted file path can be generated using the shared, hard-coded secret key described in CVE-2025-35052. This vulnerability cannot be exploited as an 'anonymous' user as described in CVE-2025-35062.

AI-Powered Analysis

Last updated: 10/09/2025, 20:54:55 UTC

Technical Analysis

CVE-2025-35056 is a path traversal vulnerability (CWE-22) affecting Newforma Project Center's Info Exchange (NIX) component, specifically the '/UserWeb/Common/MarkupServices.ashx' endpoint's 'StreamStampImage' function. This function accepts an encrypted file path parameter and returns an image of the specified file. Due to improper validation of the pathname, an authenticated attacker can manipulate the encrypted file path to access arbitrary files on the server. The encryption relies on a shared, hard-coded secret key, previously documented in CVE-2025-35052, allowing attackers who know this key to generate valid encrypted paths. The vulnerability is constrained by the privileges of the NIX service, typically running as 'NT AUTHORITY\NetworkService', limiting the scope of accessible files to those readable by this account. Exploitation does not require user interaction but does require authentication, and anonymous users cannot exploit this issue as clarified in CVE-2025-35062. The vulnerability impacts confidentiality by potentially exposing sensitive files but does not affect integrity or availability. No patches have been linked yet, and no known exploits are reported in the wild. The CVSS v3.1 score is 5.0 (medium), reflecting the moderate risk posed by this vulnerability given the authentication requirement and limited privilege context.

Potential Impact

For European organizations using Newforma Project Center, this vulnerability poses a risk of unauthorized disclosure of sensitive project files, internal documents, or configuration data accessible to the NetworkService account. Such data leakage could lead to exposure of intellectual property, client information, or internal operational details, potentially violating GDPR requirements concerning data confidentiality and protection. The impact is particularly significant for architecture, engineering, and construction firms that rely on Newforma for project collaboration and document management. While the vulnerability does not allow modification or disruption of services, the confidentiality breach could damage reputation and lead to regulatory penalties. The requirement for authentication reduces the risk from external attackers, but insider threats or compromised credentials could still enable exploitation. Given that the shared secret key is hard-coded, attackers with access to this key can automate attacks, increasing the threat level. The absence of known exploits in the wild suggests limited current exploitation but does not preclude future attacks.

Mitigation Recommendations

European organizations should immediately audit their use of Newforma Project Center and restrict access to the Info Exchange component to trusted users only. Since no official patch is linked, organizations should monitor Newforma's advisories for updates or patches addressing CVE-2025-35056 and CVE-2025-35052. In the interim, consider implementing network-level controls such as IP whitelisting or VPN access to limit exposure. Review and rotate any shared secret keys if possible, and enforce strong authentication and credential management policies to reduce risk of credential compromise. Conduct regular file system permission audits to minimize the data accessible by the NetworkService account. Employ application-layer firewalls or web application firewalls (WAFs) to detect and block suspicious requests targeting the vulnerable endpoint. Additionally, monitor logs for unusual access patterns to the '/UserWeb/Common/MarkupServices.ashx' endpoint. Finally, educate users about the risks of credential sharing and enforce least privilege principles to limit the impact of potential exploitation.
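
One way to implement the log-monitoring recommendation above, as an added example (not part of the original advisory and not Newforma code). It assumes IIS W3C logs that include the fields shown in the `#Fields` line; the sample lines, the query parameter names and the thresholds are constructed and should be tuned against normal usage.

```python
from collections import defaultdict

ENDPOINT = "/userweb/common/markupservices.ashx"  # path named in the advisory
OPERATION = "streamstampimage"                    # operation named in the advisory

# Constructed sample in IIS W3C format; query parameter names and values are
# placeholders, not the product's real request layout.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip cs-username sc-status
2025-10-10 09:00:01 GET /UserWeb/Common/MarkupServices.ashx op=StreamStampImage&v=SAMPLE-A 198.51.100.7 jdoe 200
2025-10-10 09:00:09 GET /UserWeb/Common/MarkupServices.ashx op=StreamStampImage&v=SAMPLE-A 198.51.100.7 jdoe 200
2025-10-10 09:02:00 GET /UserWeb/Default.aspx - 198.51.100.7 jdoe 200
2025-10-10 09:05:11 GET /userweb/common/markupservices.ashx op=StreamStampImage&v=SAMPLE-B 203.0.113.20 asmith 500
2025-10-10 09:05:12 GET /userweb/common/markupservices.ashx op=StreamStampImage&v=SAMPLE-C 203.0.113.20 asmith 500
2025-10-10 09:05:13 GET /UserWeb/Common/MarkupServices.ashx op=StreamStampImage&v=SAMPLE-D 203.0.113.20 asmith 200
2025-10-10 09:05:14 GET /UserWeb/Common/MarkupServices.ashx op=StreamStampImage&v=SAMPLE-E 203.0.113.20 asmith 500
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def summarize(text):
    """Per (user, client IP): StreamStampImage requests, distinct queries, 5xx count."""
    stats = defaultdict(lambda: {"requests": 0, "queries": set(), "errors": 0})
    for r in parse_w3c(text):
        # IIS paths are case-insensitive, so compare lower-cased.
        if r["cs-uri-stem"].lower() != ENDPOINT:
            continue
        if OPERATION not in r["cs-uri-query"].lower():
            continue
        s = stats[(r["cs-username"], r["c-ip"])]
        s["requests"] += 1
        s["queries"].add(r["cs-uri-query"])
        # Server errors may mean a file the handler could not render as an image.
        s["errors"] += r["sc-status"].startswith("5")
    return dict(stats)

def flag_accounts(text, max_distinct=3, max_errors=2):
    """Accounts requesting many different encrypted values or causing many 5xx."""
    return sorted(k for k, s in summarize(text).items()
                  if len(s["queries"]) > max_distinct or s["errors"] > max_errors)
```
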


Technical Details

Data Version: 5.1
Assigner Short Name: cisa-cg
Date Reserved: 2025-04-15T20:56:24.406Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 68e81d26ba0e608b4fac9439

Added to database: 10/9/2025, 8:37:58 PM

Last enriched: 10/9/2025, 8:54:55 PM

Last updated: 10/11/2025, 9:23:04 AM
