Security Advisory

CVE-2025-35052

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-09 20:20:00

Last updated 2025-10-15 16:15:19

Assigner cisa-cg

State PUBLISHED

Description

Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the qs parameter used in /DownloadWeb/download.aspx. This key is shared across NIX installations. NIX 2023.3 and 2024.1 limit the use of hard-coded keys.

← Browse all CVEs View on cve.org ↗