CVE-2025-10226

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-10226

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

D

ependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via exploitation of multiple known CVEs present in PostgreSQL v10.x, which are resolved in PostgreSQL 17.4.

References
Link Resource
https://www.axxonsoft.com/legal/axxonsoft-vulnerability-disclosure-policy/security-advisories Vendor Advisory
https://www.postgresql.org/docs/release Release Notes
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:axxonsoft:axxon_one:*:*:*:*:*:*:*:*
OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

19 Dec 2025, 13:54

Type Values Removed Values Added
References () https://www.axxonsoft.com/legal/axxonsoft-vulnerability-disclosure-policy/security-advisories - () https://www.axxonsoft.com/legal/axxonsoft-vulnerability-disclosure-policy/security-advisories - Vendor Advisory
References () https://www.postgresql.org/docs/release - () https://www.postgresql.org/docs/release - Release Notes
CWE NVD-CWE-Other
First Time Microsoft
Axxonsoft axxon One
Linux linux Kernel
Microsoft windows
Linux
Axxonsoft
CPE cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:a:axxonsoft:axxon_one:*:*:*:*:*:*:*:*

08 Oct 2025, 12:15

Type Values Removed Values Added
Summary (en) Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via exploitation of multiple known CVEs present in PostgreSQL v10.x, which are resolved in PostgreSQL 17.4. (en) Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via exploitation of multiple known CVEs present in PostgreSQL v10.x, which are resolved in PostgreSQL 17.4.

11 Sep 2025, 17:14

Type Values Removed Values Added
New CVE
Information

Published : 2025-09-10 13:15

Updated : 2025-12-19 13:54

NVD link : CVE-2025-10226

Mitre link : CVE-2025-10226

CVE.ORG link : CVE-2025-10226

JSON object : View

Products Affected

linux

axxonsoft

microsoft

CWE
NVD-CWE-Other