CVE-2025-35055 – Newforma Info Exchange (NIX) insecure file upload

CVE ID : CVE-2025-35055

Published : Oct. 9, 2025, 8:20 p.m. | 17 minutes ago

Description : Newforma Info Exchange (NIX) ‘/UserWeb/Common/UploadBlueimp.ashx’ allows an authenticated attacker to upload an arbitrary file to any location writable by the NIX application. An attacker can upload and run a web shell or other content executable by the web server. An attacker can also delete directories. In Newforma before 2023.1, anonymous access is enabled by default (CVE-2025-35062), allowing an otherwise unauthenticated attacker to effectively authenticate as ‘anonymous’ and exploit this file upload vulnerability.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…