Newforma Info Exchange SMB Connection Vulnerability via MarkupServices.ashx

Vulnerability

A vulnerability in Newforma Info Exchange (NIX) allows remote, unauthenticated attackers to induce the application to establish an SMB connection with an attacker-controlled system. A successful attack lets the attacker capture the NTLMv2 hash of the NIX service account configured by the customer. The issue is present in NIX versions prior to 2023.2.

Impact

Exploitation of this vulnerability forces NTLMv2 authentication to an attacker-controlled system, potentially allowing the capture of sensitive authentication hashes.

Added: Oct 9, 2025, 9:29 PM
Updated: Oct 9, 2025, 9:29 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.2
remediation: 7.7
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.