CVE-2025-35061: CWE-294 Authentication Bypass by Capture-replay in Newforma Project Center
CVE-2025-35061 is a high-severity authentication bypass vulnerability in Newforma Project Center's Info Exchange (NIX) component. It allows a remote, unauthenticated attacker to make the NIX server initiate an SMB connection to an attacker-controlled host; the server authenticates to that host with the NIX service account, and the attacker records the account's Net-NTLMv2 challenge-response (commonly, if loosely, called the NTLMv2 hash). The flaw is tracked as CWE-294 (Authentication Bypass by Capture-replay) and lies in the LegacyIntegrationServices.asmx endpoint. Exploitation requires neither user interaction nor prior authentication. No exploitation in the wild is known at the time of writing, but the captured response can be cracked offline or relayed to other services that accept NTLM, potentially leading to further compromise. European organizations using Newforma Project Center, especially in the architecture, engineering and construction sectors, face credential theft and lateral movement. Mitigation requires network segmentation, SMB egress control and monitoring, and strict access controls on the vulnerable service. Countries with significant adoption of Newforma products and large infrastructure projects, such as Germany, the UK, France and the Netherlands, are likely most affected. Given the ease of exploitation and the high confidentiality impact, the vulnerability is rated high severity.
AI Analysis
Technical Summary
CVE-2025-35061 is an authentication bypass vulnerability in Newforma Project Center's Info Exchange (NIX) component, specifically in the LegacyIntegrationServices.asmx web service endpoint. A remote attacker who has no credentials and needs no user interaction can coerce the NIX server into opening an SMB connection to a system the attacker controls. The attacker's SMB listener issues the NTLM server challenge, the NIX server answers with the service account's Net-NTLMv2 response, and the listener records the exchange; at no point does the attacker present credentials of their own. The flaw is classified as CWE-294 (Authentication Bypass by Capture-replay) because the captured authentication exchange, not a password, is what the attacker reuses. What is captured is not the NT hash: the response is a per-session HMAC bound to the attacker's challenge, so it cannot be used for pass-the-hash. It can, however, be cracked offline, where success depends entirely on the strength of the service account's password, or relayed in real time to another service that accepts NTLM and does not enforce signing or channel binding, which is how a coerced authentication is typically turned into access to a file server, LDAP or a web endpoint. The CVSS 4.0 base score is 8.2 (high), reflecting the network attack vector, low attack complexity, no privileges required, no user interaction, and a high impact on confidentiality. No public exploit has been reported. The affected product, Newforma Project Center, is widely used for project information management in the architecture, engineering and construction industries, sectors that handle sensitive project data and intellectual property. Successful exploitation could lead to unauthorized access to project data, disruption of project workflows, and exposure of client or design information. No patch was available at the time of publication, so compensating controls are needed immediately.
Potential Impact
For European organizations, particularly those in architecture, engineering, construction, and related project management sectors, this vulnerability poses a significant risk. The compromise of the NIX service account credentials could allow attackers to gain unauthorized access to project data repositories, manipulate or exfiltrate sensitive information, and disrupt critical project workflows. Given the collaborative nature of these industries and the reliance on shared project data, such breaches could have cascading effects on multiple stakeholders across countries. Additionally, the captured NTLMv2 hashes could facilitate lateral movement within corporate networks, potentially leading to broader compromises beyond the initial target. This risk is heightened in environments where SMB traffic is not adequately monitored or segmented, or where legacy authentication protocols remain in use. The potential exposure of intellectual property and client data could also have legal and reputational consequences under European data protection regulations such as GDPR.
Mitigation Recommendations
1. Block SMB egress. The NIX server has no legitimate reason to open SMB sessions to the Internet, so deny outbound TCP 445 and 139 from the NIX servers (ideally from the whole site) at the perimeter firewall, and add a host firewall outbound rule (New-NetFirewallRule) on the server as a second layer. Also check that the WebClient service is disabled on the NIX server: Windows retries a UNC path over WebDAV (HTTP) when SMB fails, so a coercion can land on port 80 if that service is running.
2. Monitor for outbound SMB from the NIX servers. Feed firewall or NetFlow records, or Sysmon Event ID 3 (network connection) with DestinationPort 445 or 139, into the SIEM and alert on any destination outside an allowlist of known internal file servers; an external destination is the coercion pattern itself, and a blocked attempt is still evidence that someone triggered it.
3. Restrict reachability of the LegacyIntegrationServices.asmx endpoint with firewall or reverse-proxy rules to the internal systems that need it. If the NIX server is Internet-facing, as Info Exchange deployments commonly are for partner collaboration, assume the endpoint is reachable by anyone until proven otherwise, and review IIS logs for requests to it from unexpected sources.
4. Harden the relay targets, because password strength does nothing against relay: require SMB signing on all Windows hosts, LDAP signing and LDAP channel binding on domain controllers, and Extended Protection for Authentication on IIS and AD CS web endpoints. Where feasible, restrict outgoing NTLM from the NIX server through the "Network security: Restrict NTLM" policies and prefer Kerberos.
5. Make a captured response worthless: run the NIX service under a group managed service account (gMSA) or at least a long random password, grant it only the rights it needs and no local administrator rights on other hosts, rotate the credential now, and rotate it again after any suspected capture.
6. Engage Newforma for a fix; no patch was available at the time of publication, so plan for timely deployment once one is released.
7. Conduct internal penetration testing focused on NTLM coercion and relay paths, which verifies that the egress filtering and signing requirements above actually hold rather than merely exist on paper.
8. Brief IT and security teams on this specific threat. Treat any SMB connection from a NIX server to an unknown host as a probable credential capture: rotate the service account and hunt for its network logons (Security event 4624, logon type 3) from unexpected sources on other systems.
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: cisa-cg
- Date Reserved: 2025-04-15T20:56:24.406Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68e81d27ba0e608b4fac9458
Added to database: 10/9/2025, 8:37:59 PM
Last enriched: 10/17/2025, 5:20:08 AM
Last updated: 11/24/2025, 11:45:25 PM