CVE-2025-10223

MEDIUM

Axxonsoft Axxon One < 2.0.2 - Insufficient Session Expiration

Title source: rule
STIX 2.1

Description

Insufficient Session Expiration (CWE-613) in the Web Admin Panel in AxxonSoft Axxon One (C-Werk) prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session token until natural expiration.

References (1)

Scores

CVSS v3 5.4
EPSS 0.0005
EPSS Percentile 15.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-613
Status published
Products (1)
axxonsoft/axxon_one < 2.0.2
Published Sep 10, 2025
Tracked Since Feb 18, 2026