CVE-2025-10227

Medium CVSS: 5.1

Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One (C-Werk) before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at rest.

Vendor

Axxonsoft

Product

Axxon One

CWE

CWE-311

Yayın Tarihi

2025-09-10 13:15:36

Güncelleme

2025-12-19 13:48:18

Source Identifier

15ede60e-6fda-426e-be9c-e788f151a377

KEV Date Added

Kategoriler

CWE-311 Axxon One MEDIUM Axxonsoft 2025

Referanslar

https://www.axxonsoft.com/legal/axxonsoft-vulnerability-disclosure-policy/security-advisories

Benzer Kayıtlar

Medium

CVE-2025-10223

Insufficient Session Expiration (CWE-613) in the Web Admin Panel in AxxonSoft Axxon One (C-Werk) prior to 2.0.3 on Windo…

Medium

CVE-2025-10224

Improper Authentication (CWE-287) in the LDAP authentication engine in AxxonSoft Axxon One (C-Werk) 2.0.2 and earlier on…

High

CVE-2025-10225

Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) in the OpenSSL-based session module in…

Critical

CVE-2025-10226

Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One (C-Werk) 2.0.…

Critical

CVE-2025-10220

Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.…

Medium

CVE-2025-10221

Insertion of Sensitive Information into Log File (CWE-532) in the ARP Agent component in AxxonSoft Axxon One / AxxonNet…