CVE-2025-35058 is an authentication bypass vulnerability identified in Newforma Project Center's Info Exchange (NIX) component, specifically in the '/UserWeb/Common/MarkupServices.ashx' endpoint. This flaw allows a remote attacker without any authentication to coerce the vulnerable system into making an SMB connection to an attacker-controlled server. During this connection, the system transmits the NTLMv2 hash of the customer-configured NIX service account. The vulnerability stems from improper authentication mechanisms (CWE-294), enabling an attacker to perform a capture-replay attack by capturing these NTLMv2 hashes. The attacker can then attempt offline brute-force attacks or relay these hashes to gain unauthorized access to the system or network resources. The CVSS 4.0 base score is 8.2 (high), reflecting the vulnerability's network attack vector, low complexity, no user interaction, and high impact on confidentiality. The vulnerability does not affect integrity or availability directly but poses a significant risk to credential confidentiality. No patches or known exploits are currently reported, but the vulnerability's nature suggests it could be exploited with relative ease once weaponized. The affected product is Newforma Project Center, a project information management software widely used in architecture, engineering, and construction industries to manage project data and collaboration.

The primary impact of CVE-2025-35058 is the compromise of the confidentiality of service account credentials used by Newforma Project Center. By capturing NTLMv2 hashes, attackers can attempt offline password cracking or relay attacks, potentially leading to unauthorized access to sensitive project data, internal networks, or other connected systems. For European organizations, especially those in sectors like architecture, engineering, and construction where Newforma Project Center is prevalent, this could result in intellectual property theft, project delays, and reputational damage. The vulnerability also increases the risk of lateral movement within corporate networks if attackers leverage captured credentials effectively. Given the high CVSS score and the lack of required authentication or user interaction, the threat is significant and could be exploited remotely with minimal barriers. The absence of known exploits in the wild currently offers a window for proactive defense, but the potential for rapid exploitation remains high once exploit code becomes available.

1. Monitor and restrict outbound SMB traffic at network boundaries to prevent unauthorized SMB connections to external or untrusted hosts. 2. Implement network segmentation to isolate Newforma Project Center servers from general user networks and limit exposure. 3. Enforce strong, complex passwords and consider multi-factor authentication for service accounts where possible to reduce the risk of successful offline cracking. 4. Regularly audit and monitor authentication logs for unusual SMB connection attempts or NTLM authentication patterns. 5. Apply principle of least privilege to service accounts, restricting their permissions to only what is necessary. 6. Engage with Newforma for official patches or updates addressing this vulnerability and prioritize their deployment once available. 7. Use SMB signing and encryption where supported to mitigate the risk of hash capture and relay attacks. 8. Educate IT and security teams about this vulnerability to ensure rapid detection and response to suspicious activities related to SMB connections.