
CVE-2025-35057: CWE-294 Authentication Bypass by Capture-replay in Newforma Project Center

Severity: Medium
Type: Vulnerability
Tags: cve, cve-2025-35057, cwe-294
Published: Thu Oct 09 2025 (10/09/2025, 20:21:29 UTC)
Source: CVE Database V5
Vendor/Project: Newforma
Product: Project Center

Description

CVE-2025-35057 is an authentication bypass vulnerability in Newforma Project Center's Info Exchange component. It allows a remote, unauthenticated attacker to trigger the application to initiate an SMB connection to an attacker-controlled server, capturing the NTLMv2 hash of the service account. This vulnerability stems from improper authentication controls (CWE-294) in the '/RemoteWeb/IntegrationServices.ashx' endpoint. Exploitation requires no user interaction and can lead to credential theft, potentially enabling lateral movement within networks. The CVSS 4.0 score is 6.0 (medium severity), reflecting the moderate impact and ease of exploitation with some privileges. European organizations using Newforma Project Center, especially in architecture, engineering, and construction sectors, should be vigilant. Mitigations include network segmentation, SMB traffic monitoring, and restricting outbound SMB connections.

AI-Powered Analysis

Last updated: 10/17/2025, 05:18:44 UTC

Technical Analysis

CVE-2025-35057 is a medium-severity authentication bypass vulnerability identified in Newforma Project Center's Info Exchange (NIX) component, specifically in the '/RemoteWeb/IntegrationServices.ashx' endpoint. The vulnerability arises due to improper authentication validation (CWE-294), allowing a remote attacker to cause the NIX service to initiate an SMB connection to an attacker-controlled system without requiring authentication or user interaction. When this SMB connection is made, the attacker can capture the NTLMv2 hash of the NIX service account, which can then be subjected to offline cracking attempts or relay attacks to escalate privileges or move laterally within the victim's network. The vulnerability does not require prior authentication but does require the attacker to induce the SMB connection, which can be done remotely. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), attack requirements present (AT:P), low privileges required (PR:L), no user interaction (UI:N), and high impact on confidentiality (VC:H) but no impact on integrity or availability. No patches are currently available and no exploits are known, but the vulnerability's nature suggests it could be leveraged in targeted attacks against organizations using Newforma Project Center, particularly those in sectors relying on project collaboration tools. Exploitation could lead to credential compromise and subsequent unauthorized access to sensitive project data or internal systems.

Potential Impact

For European organizations, especially those in architecture, engineering, construction, and project management sectors that use Newforma Project Center, this vulnerability poses a significant risk of credential theft and unauthorized access. The capture of NTLMv2 hashes can enable attackers to perform offline password cracking or relay attacks, potentially leading to lateral movement within corporate networks. This could result in exposure of sensitive project data, intellectual property theft, disruption of project workflows, and damage to business reputation. Given the collaborative nature of these industries and the reliance on integrated project management tools, exploitation could have cascading effects on multiple stakeholders. Additionally, organizations with weak network segmentation or insufficient monitoring of SMB traffic are at higher risk. The medium CVSS score reflects moderate impact, but the ease of exploitation and lack of required user interaction increase the threat's seriousness. European entities involved in critical infrastructure projects may face heightened risks due to the strategic value of their data.

Mitigation Recommendations

Organizations should implement strict network segmentation to isolate Newforma Project Center servers from untrusted networks and limit SMB traffic to only necessary internal systems. Deploy network monitoring and intrusion detection systems to detect anomalous SMB connection attempts, especially outbound connections to unknown IP addresses. Enforce strong access controls and ensure the NIX service account uses a complex, regularly rotated password to reduce the risk of successful hash cracking. Disable or restrict SMB protocol usage where not essential, particularly SMBv1, and consider SMB signing to prevent relay attacks. Apply the principle of least privilege to service accounts and audit their usage regularly. Since no patches are currently available, consider deploying web application firewalls (WAFs) to block suspicious requests targeting the vulnerable endpoint. Educate IT and security teams about this vulnerability to recognize potential exploitation attempts. Finally, maintain up-to-date backups and incident response plans tailored to credential theft scenarios.
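The SMB monitoring recommended above can be made specific to this issue by pairing web requests to the affected handler with outbound SMB from the same server. The following is an added example, not part of the original advisory or any vendor tooling; it assumes the endpoint is served by IIS with W3C logging, and the flow CSV layout, the server address 10.20.0.15 and all sample records are constructed, with both sources assumed to log in UTC.

```python
import csv, io, ipaddress
from datetime import datetime, timedelta

ENDPOINT = "/remoteweb/integrationservices.ashx"  # path named in the advisory
SMB_PORTS = {"139", "445"}
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed samples (documentation address ranges), not real telemetry.
IIS_LOG = """#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status
2025-10-10 09:14:58 10.20.0.15 GET /RemoteWeb/Default.aspx - 443 - 198.51.100.7 200
2025-10-10 09:15:02 10.20.0.15 POST /RemoteWeb/IntegrationServices.ashx - 443 - 203.0.113.50 200
"""
FLOWS = """ts,src,dst,dport
2025-10-10 09:15:01,10.20.0.15,10.20.0.30,445
2025-10-10 09:15:03,10.20.0.15,203.0.113.50,445
2025-10-10 11:00:00,10.20.0.15,198.51.100.9,443
"""

def endpoint_hits(iis_text):
    """Return (time, client_ip) for every request to the IntegrationServices handler."""
    fields, hits = [], []
    for line in iis_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column order is declared by the log itself
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            if row.get("cs-uri-stem", "").lower() == ENDPOINT:
                ts = datetime.strptime(row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
                hits.append((ts, row.get("c-ip", "-")))
    return hits

def external_smb(flow_text, server_ip):
    """Return (time, dst) for SMB flows from server_ip to non-internal addresses."""
    out = []
    for row in csv.DictReader(io.StringIO(flow_text)):
        dst = ipaddress.ip_address(row["dst"])
        if row["src"] == server_ip and row["dport"] in SMB_PORTS \
                and not any(dst in net for net in INTERNAL):
            out.append((datetime.strptime(row["ts"], "%Y-%m-%d %H:%M:%S"), row["dst"]))
    return out

def correlate(hits, flows, window_s=30):
    """Pair each external SMB flow with endpoint requests seen shortly before it."""
    win = timedelta(seconds=window_s)
    return [(client, dst, int((ft - ht).total_seconds()))
            for ft, dst in flows for ht, client in hits if timedelta(0) <= ft - ht <= win]

if __name__ == "__main__":
    for client, dst, lag in correlate(endpoint_hits(IIS_LOG), external_smb(FLOWS, "10.20.0.15")):
        print(f"ALERT: request from {client} followed {lag}s later by outbound SMB to {dst}")
```

Any result from `external_smb` is worth an alert on its own if outbound SMB from the server is supposed to be blocked; the correlation adds the originating client address for triage.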


Technical Details

Data Version: 5.1
Assigner Short Name: cisa-cg
Date Reserved: 2025-04-15T20:56:24.406Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68e81d26ba0e608b4fac943e

Added to database: 10/9/2025, 8:37:58 PM

Last enriched: 10/17/2025, 5:18:44 AM

Last updated: 12/4/2025, 7:35:34 PM
