CVE-2025-35058 is an authentication bypass vulnerability identified in Newforma Project Center's Info Exchange (NIX) component, specifically in the '/UserWeb/Common/MarkupServices.ashx' endpoint. This flaw allows a remote attacker, without any authentication, to coerce the NIX server into making an SMB connection to a system controlled by the attacker. During this forced connection, the attacker can capture the NTLMv2 hash of the NIX service account configured by the customer. The vulnerability is classified under CWE-294, indicating improper authentication mechanisms that fail to adequately verify the legitimacy of requests. The attack vector requires no user interaction and no privileges, making it easily exploitable remotely over the network. The captured NTLMv2 hash can be subjected to offline cracking attempts or relay attacks, potentially leading to unauthorized access or lateral movement within the victim's network. The CVSS 4.0 base score is 8.2, reflecting a high severity due to the ease of exploitation and the critical nature of credential compromise. Although no public exploits have been reported yet, the vulnerability poses a significant threat to organizations relying on Newforma Project Center for project management and collaboration. The lack of available patches at the time of publication necessitates immediate mitigation strategies to reduce exposure.

For European organizations, the impact of CVE-2025-35058 can be substantial. The theft of NTLMv2 hashes of service accounts used by Newforma Project Center can lead to unauthorized access to sensitive project data, intellectual property, and internal communications. Given that Newforma Project Center is widely used in architecture, engineering, and construction industries, compromised credentials could facilitate espionage, data exfiltration, or disruption of critical project workflows. The vulnerability's ability to be exploited remotely without authentication increases the risk of widespread attacks, especially in environments where the NIX server is exposed or insufficiently segmented. Additionally, attackers leveraging captured hashes may move laterally within corporate networks, escalating privileges and potentially impacting other critical systems. This could result in operational downtime, financial losses, and reputational damage. The vulnerability also raises compliance concerns under GDPR if personal data is accessed or leaked due to exploitation. Organizations with interconnected SMB environments are particularly vulnerable to this type of attack vector.

To mitigate CVE-2025-35058, European organizations should implement the following specific measures: 1) Immediately restrict outbound SMB (ports 445 and 139) traffic from the Newforma Project Center NIX server to only trusted internal systems, blocking any connections to external or untrusted IP addresses. 2) Monitor network traffic for unusual SMB connection attempts originating from the NIX server, using intrusion detection systems or network monitoring tools to detect potential exploitation attempts. 3) Employ SMB signing and enforce strong authentication policies to reduce the risk of NTLM relay attacks. 4) Isolate the NIX server within a segmented network zone with strict access controls to limit exposure. 5) Regularly audit service account usage and rotate credentials to minimize the window of opportunity for attackers. 6) Engage with Newforma for any available patches or updates and apply them promptly once released. 7) Educate IT and security teams about this vulnerability to ensure rapid detection and response. 8) Consider deploying endpoint detection and response (EDR) solutions on the NIX server to identify suspicious activities related to SMB connections or credential theft.