Newforma Info Exchange (NIX) Limited File Read Vulnerability

Vulnerability

A file read vulnerability has been identified in Newforma Info Exchange (NIX) versions prior to 2024.1. The issue arises in the 'StreamStampImage' function of the '/UserWeb/Common/MarkupServices.ashx' endpoint, which accepts an encrypted file path and returns an image of the specified file. An authenticated attacker can exploit this vulnerability to read arbitrary files, subject to the privileges of the NIX application (typically 'NT AUTHORITY\NetworkService') and to whether 'StreamStampImage' is able to process the file. The encrypted file path can be generated using a shared, hard-coded secret key, as mentioned in CVE-2025-35052. This vulnerability cannot be exploited by anonymous users, as detailed in CVE-2025-35062.

Impact

Exploitation of this vulnerability allows authenticated attackers to read arbitrary files on the server, potentially leading to the disclosure of sensitive information.

Remediation

Users can upgrade to Newforma Info Exchange version 2024.1 or later to address this vulnerability.
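
Until the upgrade is in place, IIS logs can be reviewed for how often each authenticated user calls the affected endpoint. The following is an added example, not Newforma code or part of the original advisory: it parses W3C extended logs and counts requests to '/UserWeb/Common/MarkupServices.ashx' per user and client IP. The sample log lines, the query parameter names, the threshold of 3, and the idea that the function name is visible in cs-uri-query are assumptions.

```python
import collections

ENDPOINT = "/userweb/common/markupservices.ashx"  # path from the advisory, lowercased
FUNCTION = "streamstampimage"  # assumption: function name is visible in cs-uri-query

# Constructed sample in IIS W3C extended format (not real traffic).
# The query parameter names "fn" and "x" are placeholders, not the product's own.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2025-10-01 10:00:01 GET /UserWeb/Common/MarkupServices.ashx fn=StreamStampImage&x=PLACEHOLDER1 alice 198.51.100.7 200
2025-10-01 10:00:02 GET /UserWeb/Common/MarkupServices.ashx fn=StreamStampImage&x=PLACEHOLDER2 alice 198.51.100.7 200
2025-10-01 10:00:03 GET /userweb/common/markupservices.ashx fn=StreamStampImage&x=PLACEHOLDER3 alice 198.51.100.7 500
2025-10-01 10:05:00 POST /UserWeb/Common/MarkupServices.ashx - bob 203.0.113.9 200
2025-10-01 10:06:00 GET /index.html - - 203.0.113.9 200
"""

def parse_w3c(text):
    """Yield one dict per request, honouring each #Fields header (column order can change)."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def summarize(text, threshold=3):
    """Count endpoint hits per (user, client IP); flag pairs at or above threshold."""
    hits = collections.Counter()
    named = collections.Counter()  # hits whose query string names the function
    for row in parse_w3c(text):
        if row.get("cs-uri-stem", "").lower() != ENDPOINT:
            continue
        key = (row.get("cs-username", "-"), row.get("c-ip", "-"))
        hits[key] += 1
        if FUNCTION in row.get("cs-uri-query", "").lower():
            named[key] += 1
    return {k: {"hits": n, "named": named[k], "flag": n >= threshold}
            for k, n in hits.items()}

if __name__ == "__main__":
    for (user, ip), info in sorted(summarize(SAMPLE_LOG).items()):
        print(user, ip, info)
```

IIS does not log POST bodies, so the per-endpoint count is the reliable signal; compare it against each user's normal use of markup features before treating a flag as suspicious.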

Added: Oct 9, 2025, 9:30 PM
Updated: Oct 9, 2025, 9:30 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.3
exploitability: 4.8
remediation: 0.0
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.