CVE-2025-10226
CRITICALDescription
Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via exploitation of multiple known CVEs present in PostgreSQL v10.x, which are resolved in PostgreSQL 17.4.
CVSS v3.1 Score
Affected Products
| Vendor | Product |
|---|---|
| axxonsoft | axxon_one |
| linux | linux_kernel |
| microsoft | windows |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2025-10226? +
How severe is CVE-2025-10226? +
What products are affected by CVE-2025-10226? +
How do I check if I'm vulnerable to CVE-2025-10226? +
Related Vulnerabilities
Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 …
Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) in the OpenSSL-based session module in AxxonSoft Axxon …
Insertion of Sensitive Information into Log File (CWE-532) in the ARP Agent component in AxxonSoft Axxon One / AxxonNet / …
Insufficient Session Expiration (CWE-613) in the Web Admin Panel in AxxonSoft Axxon One (C-Werk) prior to 2.0.3 on Windows allows …
Improper Authentication (CWE-287) in the LDAP authentication engine in AxxonSoft Axxon One (C-Werk) 2.0.2 and earlier on Windows allows a …
Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One (C-Werk) before 2.0.8 on Windows …