Security Advisory

CVE-2025-35051

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-09 20:19:43

Last updated 2025-10-10 19:37:30

Assigner cisa-cg

State PUBLISHED

Description

Newforma Project Center Server (NPCS) accepts serialized .NET data via the /ProjectCenter.rem endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with NT AUTHORITYNetworkService privileges. According to the recommended architecture, the vulnerable NPCS endpoint is only accessible on an internal network. To mitigate this vulnerability, restrict network access to NPCS.

← Browse all CVEs View on cve.org ↗