CVE-2025-10226

Critical CVSS: 9.3

Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via exploitation of multiple known CVEs present in PostgreSQL v10.x, which are resolved in PostgreSQL 17.4.

Vendor

Axxonsoft

Product

Axxon One

CWE

NVD-CWE-Other

Yayın Tarihi

2025-09-10 13:15:36

Güncelleme

2025-12-19 13:54:04

Source Identifier

15ede60e-6fda-426e-be9c-e788f151a377

KEV Date Added

Kategoriler

NVD-CWE-Other Axxon One CRITICAL Axxonsoft 2025

Referanslar

https://www.axxonsoft.com/legal/axxonsoft-vulnerability-disclosure-policy/security-advisories https://www.postgresql.org/docs/release

Benzer Kayıtlar

Medium

CVE-2025-10223

Insufficient Session Expiration (CWE-613) in the Web Admin Panel in AxxonSoft Axxon One (C-Werk) prior to 2.0.3 on Windo…

Medium

CVE-2025-10224

Improper Authentication (CWE-287) in the LDAP authentication engine in AxxonSoft Axxon One (C-Werk) 2.0.2 and earlier on…

High

CVE-2025-10225

Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) in the OpenSSL-based session module in…

Medium

CVE-2025-10227

Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One (C-Werk) before 2…

Critical

CVE-2025-10220

Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.…

Medium

CVE-2025-10221

Insertion of Sensitive Information into Log File (CWE-532) in the ARP Agent component in AxxonSoft Axxon One / AxxonNet…