CVE-2025-35057: CWE-294 Authentication Bypass by Capture-replay in Newforma Project Center
Newforma Info Exchange (NIX) '/RemoteWeb/IntegrationServices.ashx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the NIX service account.
AI Analysis
Technical Summary
CVE-2025-35057 is a medium-severity credential-exposure flaw, classified as CWE-294 (Authentication Bypass by Capture-replay), in the Info Exchange (NIX) component of Newforma Project Center, specifically the '/RemoteWeb/IntegrationServices.ashx' endpoint. According to the description, a remote attacker who holds no credentials for NIX can make the server open an SMB connection to a host the attacker controls. A Windows host that connects to an SMB share authenticates with NTLM, so the NIX service account's NTLMv2 challenge-response (commonly called the "Net-NTLMv2 hash") is sent to the attacker's listener, where it is captured. What is captured is the challenge-response, not the account's NT hash: it cannot be used for pass-the-hash, but it can be cracked offline to recover the service account password, or relayed in real time (NTLM relay) to SMB, HTTP or LDAP services in the same domain that do not enforce signing or channel binding, authenticating to them as the service account. Either path gives the attacker the service account's access and a route for lateral movement. The CVSS 4.0 vector reported for the issue is network attack vector (AV:N), low attack complexity (AC:L), attack requirements present (AT:P), low privileges required (PR:L), no user interaction (UI:N) and high confidentiality impact (VC:H) with no integrity or availability impact. Note that PR:L disagrees with the "unauthenticated" wording of the description; the two should not be read as the same claim, and defenders should plan for the unauthenticated case. At the time of this record no patch or public exploit was listed, but coercing NTLM authentication needs nothing beyond a listening SMB server, so the practical risk is driven by how reachable the endpoint is and how privileged the service account is. Newforma Project Center is used for project information management in the architecture, engineering and construction sector, where the data behind it is often confidential project and client material.
Potential Impact
For European organizations, the primary impact of this vulnerability is the compromise of the NIX service account, either by offline cracking of the captured NTLMv2 challenge-response or by relaying it to other services while it is still valid. This can lead to unauthorized access to the project management system, exposure of sensitive project data, and lateral movement within the corporate network. Given the use of Newforma Project Center in architecture, engineering and construction, the confidentiality of intellectual property and client data is at risk. If the service account holds elevated rights in the domain, or if internal services accept relayed NTLM authentication, an attacker can escalate privileges and reach other network resources, widening the scope of compromise. The resulting foothold could be used for ransomware deployment or espionage, disrupting business operations. The description states that no authentication is needed and the vector records no user interaction, so an instance whose RemoteWeb endpoint is reachable from the internet, or from a poorly segmented internal network, is at the greatest risk. With no patch available, organizations must rely on compensating controls, increasing operational overhead and risk exposure until remediation is released.
Mitigation Recommendations
European organizations should implement the following specific mitigations:
1) Immediately restrict outbound SMB (TCP 445 and 139) from the servers running Newforma Project Center to trusted internal systems only, at both the host firewall and the perimeter, so that a coerced connection to an external or unknown host is dropped. Be aware that a Windows host whose SMB egress is blocked may fall back to WebDAV (HTTP/HTTPS) if the WebClient service is running; disable that service on the NIX server unless it is required.
2) Monitor for SMB connection attempts from the NIX server to hosts outside the allowlist, using firewall logs, network intrusion detection or SIEM rules; on the domain controllers, alert on NTLM logons by the NIX service account from unexpected source hosts, which is the signature of a relayed authentication.
3) Enforce strict network segmentation to isolate the project management server from other critical infrastructure and limit lateral movement.
4) Harden the service account: grant it the least privilege it needs, never domain administrator rights; where the product supports it, use a group-managed service account, whose long random password makes offline cracking of a captured challenge-response impractical; otherwise use a long random password and rotate it, and rotate it immediately if capture is suspected.
5) Reduce the value of a captured challenge-response by enforcing SMB signing and LDAP signing and channel binding (Extended Protection for Authentication) on internal services, which defeats NTLM relay, and restrict or disable NTLM via Group Policy in favour of Kerberos where possible.
6) Conduct regular vulnerability scans and penetration tests focusing on SMB, NTLM relay and authentication coercion weaknesses.
7) Prepare incident response plans that cover credential capture and relay, including service account rotation and review of where the account has authenticated.
8) Engage with Newforma for updates and patches and prioritize patch deployment once available.
9) Educate IT and security teams about this specific threat to ensure rapid detection and response.
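The monitoring step above (mitigation 2) can be put into practice against the Windows Firewall log (pfirewall.log) on the NIX server. The script below is an added example, not code from the advisory or from Newforma: it parses the firewall's W3C-style records, keeps outbound TCP connections from the NIX host to port 445 or 139, and reports those whose destination lies outside the trusted internal ranges. The NIX server address, the trusted ranges and the log lines are all constructed assumptions. A DROP record means the egress control worked; an ALLOW record to an untrusted destination means the control was missing and the service account's NTLMv2 challenge-response should be treated as exposed.

```python
"""Flag outbound SMB connections from a Newforma Info Exchange host to
non-internal destinations, using Windows Firewall (pfirewall.log) records.

Added example for the mitigations above; not code from the advisory or from
Newforma. The NIX host address, the trusted ranges and SAMPLE_LOG are
constructed assumptions, not data from the page.
"""
import ipaddress
from dataclasses import dataclass

# Field order of the Windows Firewall log, as declared by its #Fields: header.
FIELDS = ("date time action protocol src-ip dst-ip src-port dst-port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()

SMB_PORTS = {445, 139}

# Assumption: the only networks the NIX server should ever reach over SMB.
TRUSTED_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log: one legitimate internal SMB connection, one coerced
# connection that was allowed out, one that the host firewall dropped, one
# HTTPS connection (not SMB) and one SMB connection from an unrelated host.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2025-10-09 20:37:58 ALLOW TCP 10.0.1.15 10.0.1.20 51234 445 0 - 0 0 0 - - - SEND
2025-10-09 20:38:02 ALLOW TCP 10.0.1.15 203.0.113.7 51240 445 0 - 0 0 0 - - - SEND
2025-10-09 20:38:05 DROP TCP 10.0.1.15 198.51.100.9 51241 139 52 S 123456 0 8192 - - - SEND
2025-10-09 20:38:09 ALLOW TCP 10.0.1.15 203.0.113.7 51242 443 0 - 0 0 0 - - - SEND
2025-10-09 20:38:11 ALLOW TCP 10.0.1.30 203.0.113.7 51243 445 0 - 0 0 0 - - - SEND
"""


@dataclass(frozen=True)
class Finding:
    time: str
    src: str
    dst: str
    dport: int
    action: str          # ALLOW or DROP as recorded by the firewall
    verdict: str         # what the record means for the defender


def parse_line(line):
    """Return a dict of fields for one log record, or None for headers/blank lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None              # malformed record; skip rather than guess
    return dict(zip(FIELDS, parts))


def is_trusted(ip):
    """True if the address falls inside one of the allowlisted internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)


def find_smb_egress(lines, nix_hosts, ports=SMB_PORTS):
    """Return Findings for outbound SMB from nix_hosts to untrusted destinations.

    Only SEND-path TCP records are considered, so inbound SMB to the NIX
    server (which is normal) never triggers a finding.
    """
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["protocol"] != "TCP" or rec["path"] != "SEND":
            continue
        if rec["src-ip"] not in nix_hosts:
            continue
        dport = int(rec["dst-port"])
        if dport not in ports or is_trusted(rec["dst-ip"]):
            continue
        verdict = ("credential likely exposed" if rec["action"] == "ALLOW"
                   else "coercion attempt blocked")
        findings.append(Finding(rec["time"], rec["src-ip"], rec["dst-ip"],
                                dport, rec["action"], verdict))
    return findings


if __name__ == "__main__":
    for f in find_smb_egress(SAMPLE_LOG.splitlines(), {"10.0.1.15"}):
        print(f"{f.time} {f.src} -> {f.dst}:{f.dport} {f.action}: {f.verdict}")
```

On a real deployment, enable the firewall log for allowed as well as dropped connections on the NIX server, feed its lines to find_smb_egress with the server's own addresses, and forward any "credential likely exposed" finding as a high-priority alert that triggers rotation of the service account.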
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden, Belgium, Austria, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: cisa-cg
- Date Reserved: 2025-04-15T20:56:24.406Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 68e81d26ba0e608b4fac943e
Added to database: 10/9/2025, 8:37:58 PM
Last enriched: 10/9/2025, 8:54:43 PM
Last updated: 10/11/2025, 10:45:26 AM