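This page aggregates CVEs and security vulnerability information across AxxonSoft-related products, listing CVSS, EPSS, publication dates, and vulnerability data.
Common weakness patterns include path-handling flaws and buffer overflows, which in production workloads and software deployment scenarios can lead to risks such as file overwrite, application crashes, and memory corruption.
The listed data is based on public vulnerability information and security advisories, and can be used to assess historical exposure and remediation priority.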
| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-10227 | Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One (C-Werk) before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at rest. | 15ede60e-6fda-426e-be9c-e788f151a377 | 5.1 | 0.01% | 2025-09-10 | 2025-12-19 |
| CVE-2025-10226 | Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via exploitation of multiple known CVEs present in PostgreSQL v10.x, which are resolved in PostgreSQL 17.4. | 15ede60e-6fda-426e-be9c-e788f151a377 | 9.3 | 0.85% | 2025-09-10 | 2025-12-19 |
| CVE-2025-10225 | Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) in the OpenSSL-based session module in AxxonSoft Axxon One (C-Werk) 2.0.6 and earlier on Windows allows a remote attacker under high load conditions to cause application crashes or unpredictable behavior via triggering memory reallocation errors when handling expired session keys. | 15ede60e-6fda-426e-be9c-e788f151a377 | 8.7 | 0.15% | 2025-09-10 | 2025-10-08 |
| CVE-2025-10224 | Improper Authentication (CWE-287) in the LDAP authentication engine in AxxonSoft Axxon One (C-Werk) 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned roles via incorrect evaluation of nested LDAP group memberships during login. | 15ede60e-6fda-426e-be9c-e788f151a377 | 5.3 | 0.16% | 2025-09-10 | 2025-10-08 |
| CVE-2025-10223 | Insufficient Session Expiration (CWE-613) in the Web Admin Panel in AxxonSoft Axxon One (C-Werk) prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session token until natural expiration. | 15ede60e-6fda-426e-be9c-e788f151a377 | 5.3 | 0.05% | 2025-09-10 | 2025-10-08 |
| CVE-2025-10222 | Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) in the diagnostic dump component in AxxonSoft Axxon One VMS (C-Werk) 2.0.0 through 2.0.1 on Windows allows a local attacker to obtain licensing-related information such as timestamps, license states, and registry values via reading diagnostic export files created by the built-in troubleshooting tool. | 15ede60e-6fda-426e-be9c-e788f151a377 | 4.8 | 0.01% | 2025-09-10 | 2025-10-08 |
| CVE-2025-10221 | Insertion of Sensitive Information into Log File (CWE-532) in the ARP Agent component in AxxonSoft Axxon One / AxxonNet / C-WerkNet 2.0.4 and earlier on Windows platforms allows a local attacker to obtain plaintext credentials via reading TRACE log files containing serialized JSON with passwords. | 15ede60e-6fda-426e-be9c-e788f151a377 | 6.7 | 0.01% | 2025-09-10 | 2025-12-19 |
| CVE-2025-10220 | Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows allows a remote attacker to execute arbitrary code or bypass security features via exploitation of vulnerable third-party packages such as Google.Protobuf, DynamicData, System.Runtime.CompilerServices.Unsafe, and others. | 15ede60e-6fda-426e-be9c-e788f151a377 | 9.3 | 0.90% | 2025-09-10 | 2025-12-19 |
| CVE-2018-7467 | AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI. | [email protected] | 7.5 | 29.97% | 2018-02-27 | 2024-11-21 |