
CVE-2025-35059: CWE-601 URL Redirection to Untrusted Site ('Open Redirect') in Newforma Project Center

Severity: Medium
Tags: Vulnerability, CVE-2025-35059, cve, cwe-601
Published: Thu Oct 09 2025 (10/09/2025, 20:21:56 UTC)
Source: CVE Database V5
Vendor/Project: Newforma
Product: Project Center

Description

CVE-2025-35059 is an open redirect vulnerability in the Info Exchange component of Newforma Project Center, specifically in the '/DownloadWeb/hyperlinkredirect.aspx' endpoint. An unauthenticated attacker can craft a URL whose 'nhl' parameter sends the visitor to an untrusted external site, which facilitates phishing or delivery of malicious content behind a link that appears to belong to the legitimate Newforma host. The CVSS score is 4.3 (medium severity): no authentication is required, but the victim must follow the crafted link. No exploitation in the wild is known and no patch is currently available. The impact is to user trust and integrity rather than to confidentiality or availability. European organizations using Newforma Project Center, especially in the construction and project management sectors where the software is common, should be cautious. Mitigations include user education, monitoring for suspicious URLs, and URL validation or web filtering at the application or network level.

AI-Powered Analysis

Last updated: 10/17/2025, 05:19:20 UTC

Technical Analysis

CVE-2025-35059 is an open redirect vulnerability (CWE-601) in the Info Exchange (NIX) module of Newforma Project Center. The '/DownloadWeb/hyperlinkredirect.aspx' endpoint accepts a parameter named 'nhl' that sets the redirection target. Because the endpoint is reachable without authentication and does not validate or sanitize 'nhl', an attacker can craft a URL that starts on the legitimate Newforma host but redirects the visitor to an arbitrary external site. Open redirects of this kind are used in phishing campaigns: the link passes casual inspection, and some host-based URL filters, because the visible domain is trusted, while the final destination is attacker-controlled. The CVSS 3.1 base score of 4.3 (medium) reflects that the flaw does not directly affect confidentiality or availability but can affect integrity by misleading users. Exploitation requires user interaction, such as clicking a link, and no privileges or authentication, which makes it accessible to any external attacker. No public exploit or patch is known at the time of writing, so organizations should apply their own mitigations proactively. The CVE record lists all versions of Newforma Project Center as affected, so exposure is broad among users of the product; given Newforma's focus on project management and construction, organizations in those sectors are the most exposed.

Potential Impact

For European organizations, the primary impact of CVE-2025-35059 is the potential for social engineering and phishing attacks leveraging trusted Newforma URLs to redirect users to malicious sites. This can lead to credential theft, malware infections, or further exploitation via drive-by downloads. Although the vulnerability does not directly expose sensitive data or disrupt service availability, the loss of user trust and the risk of secondary attacks can have significant operational and reputational consequences. Organizations relying on Newforma Project Center for project collaboration and document management may see increased risk of targeted phishing campaigns against employees, contractors, or partners. The medium severity rating reflects that the vulnerability is not critical but still poses a meaningful risk, especially in environments where users may be less security-aware or where phishing defenses are weak. The lack of authentication requirement means attackers can exploit this vulnerability externally without insider access. The absence of known exploits in the wild provides a window for mitigation before active exploitation occurs.

Mitigation Recommendations

1. Validate the 'nhl' parameter against an allow-list (same-site relative paths, or a short list of trusted hosts) rather than a denylist of bad patterns. The endpoint is vendor code, so for most deployments the practical enforcement point is a reverse proxy or WAF in front of '/DownloadWeb/hyperlinkredirect.aspx'; in parallel, request a fix from Newforma.
2. Deploy web application firewall (WAF) rules that block requests to the vulnerable endpoint whose decoded 'nhl' value carries a scheme, a protocol-relative '//' or '\\' prefix, or a host outside the allow-list.
3. Educate users and employees about the risks of clicking unexpected or suspicious links, especially links that appear to come from internal project management tools.
4. Use email and web filtering to detect and block phishing that leverages the open redirect. Because the visible host of such a link is the legitimate Newforma server, filters must inspect the 'nhl' parameter value, not just the link's domain.
5. Monitor web server logs for requests to the endpoint with external hosts in 'nhl', for spikes in traffic to it, and for many distinct external targets from a single client.
6. Consider network-level controls that restrict outbound connections from user workstations to untrusted domains.
7. Coordinate with Newforma support and subscribe to vendor advisories to receive patches or workarounds as they are released.
8. If feasible, temporarily disable the endpoint or restrict access to it (for example, by requiring authentication at the proxy) until a fix is applied.
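The mechanism described in the Technical Analysis and mitigation items 1, 2 and 5 above all come down to one decision: is a given 'nhl' value an on-site target or an external one? The Python below is an added example, not Newforma's code and not part of this advisory. It implements that allow-list check, shows the Location value a hardened handler would emit in place of the vulnerable "redirect to whatever 'nhl' says", and runs the same check over IIS W3C log lines to flag suspicious requests. The allow-listed host nix.example.com, the fallback path and the log excerpt are constructed for the example; the real product's legitimate targets are not known from this page, so treat them as assumptions to adjust.

```python
# Added example (not Newforma code): classify the 'nhl' redirect target of
# /DownloadWeb/hyperlinkredirect.aspx and flag suspicious requests in IIS logs.
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: hosts a legitimate Info Exchange hyperlink may redirect to.
ALLOWED_HOSTS = frozenset({"nix.example.com"})
# IIS matches paths case-insensitively, so compare the lower-cased stem.
ENDPOINT = "/downloadweb/hyperlinkredirect.aspx"


def is_safe_redirect_target(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Allow only a same-site relative path or an https URL on an allow-listed host.

    Everything else is rejected, including the encodings a denylist-based
    open-redirect filter tends to miss: protocol-relative '//evil', backslash
    variants '/\\evil', scheme-less 'evil.example', 'javascript:' and 'data:'
    URLs, and user-info tricks such as 'https://good@evil'.
    """
    if not target:
        return False
    # Browsers drop tab/CR/LF inside URLs and treat '\' like '/'; do the same
    # before deciding, so the check sees what the browser will see.
    t = unquote(target).strip()
    t = "".join(ch for ch in t if ch not in "\t\r\n").replace("\\", "/")
    if t.startswith("//"):
        return False                      # protocol-relative: leaves the site
    parts = urlsplit(t)
    if parts.scheme == "" and parts.netloc == "":
        return t.startswith("/")          # plain relative path stays on site
    if parts.scheme.lower() != "https":
        return False                      # http, javascript:, data:, ...
    if parts.username is not None or parts.password is not None:
        return False                      # https://nix.example.com@evil.example
    return (parts.hostname or "").lower() in allowed_hosts


def safe_redirect_location(nhl: str, fallback: str = "/") -> str:
    """Location header a hardened hyperlinkredirect handler should emit.

    The vulnerable pattern is 'Location: <nhl>' with no check at all; here an
    unsafe value falls back to the site root instead of being honoured.
    """
    return nhl if is_safe_redirect_target(nhl) else fallback


# Constructed IIS W3C log excerpt (not real traffic). IIS writes one space
# between fields and replaces spaces inside a field with '+'.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2025-10-10 08:12:01 10.0.0.5 GET /DownloadWeb/hyperlinkredirect.aspx nhl=%2Fprojects%2F123%2Fspec.pdf 443 - 203.0.113.7 Mozilla/5.0+(Windows+NT+10.0) - 302 0 0 15
2025-10-10 08:12:44 10.0.0.5 GET /DownloadWeb/hyperlinkredirect.aspx nhl=https%3A%2F%2Fnix.example.com%2Fprojects%2F123 443 - 203.0.113.7 Mozilla/5.0+(Windows+NT+10.0) - 302 0 0 12
2025-10-10 08:13:05 10.0.0.5 GET /DownloadWeb/hyperlinkredirect.aspx nhl=https%3A%2F%2Fnewforma-login.example%2Fsignin 443 - 198.51.100.23 Mozilla/5.0+(Windows+NT+10.0) - 302 0 0 11
2025-10-10 08:13:09 10.0.0.5 GET /DownloadWeb/HyperlinkRedirect.aspx nhl=%2F%2Fevil.example%2Fphish 443 - 198.51.100.23 Mozilla/5.0+(Windows+NT+10.0) - 302 0 0 9
2025-10-10 08:13:20 10.0.0.5 GET /DownloadWeb/default.aspx - 443 - 203.0.113.7 Mozilla/5.0+(Windows+NT+10.0) - 200 0 0 40
"""


def scan_iis_log(lines, allowed_hosts=ALLOWED_HOSTS):
    """Return (client ip, decoded nhl) for every hit on the redirect endpoint
    whose target fails is_safe_redirect_target(). Field order is taken from
    the '#Fields:' directive, so the scanner works for any IIS field layout
    that includes cs-uri-stem, cs-uri-query and c-ip.
    """
    fields = None
    findings = []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        cols = line.split(" ")
        if len(cols) != len(fields):
            continue                      # malformed line; count these in production
        rec = dict(zip(fields, cols))
        if rec["cs-uri-stem"].lower() != ENDPOINT:
            continue
        # parse_qs URL-decodes the value the same way the application would.
        values = parse_qs(rec["cs-uri-query"]).get("nhl")
        if not values:
            continue                      # no target given, nothing to redirect to
        nhl = values[0]
        if not is_safe_redirect_target(nhl, allowed_hosts):
            findings.append((rec["c-ip"], nhl))
    return findings


if __name__ == "__main__":
    for ip, target in scan_iis_log(SAMPLE_LOG.splitlines()):
        print(f"suspicious redirect from {ip}: nhl={target!r}")
```

Two design points matter here. First, the check is an allow-list with a deny-by-default outcome: anything that is not clearly a relative path or a known https host is refused, so a bypass has to defeat the allow-list rather than slip past a list of known-bad prefixes. Second, the scanner decodes the query exactly once, the way the application does; a double-encoded value such as '%252F%252Fevil' therefore stays a harmless relative string after one decode and is rejected by the same rule, and a WAF rule built from this logic should be placed before its own decoding stage for the same reason.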


Technical Details

Data Version: 5.1
Assigner Short Name: cisa-cg
Date Reserved: 2025-04-15T20:56:24.406Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68e81d26ba0e608b4fac9446

Added to database: 10/9/2025, 8:37:58 PM

Last enriched: 10/17/2025, 5:19:20 AM

Last updated: 11/25/2025, 2:13:08 AM

