CVE-2025-10227

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-10227

4.6 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

M

issing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One (C-Werk) before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at rest.

References
Link Resource
https://www.axxonsoft.com/legal/axxonsoft-vulnerability-disclosure-policy/security-advisories Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:axxonsoft:axxon_one:*:*:*:*:*:*:*:*
OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

19 Dec 2025, 13:48

Type Values Removed Values Added
References () https://www.axxonsoft.com/legal/axxonsoft-vulnerability-disclosure-policy/security-advisories - () https://www.axxonsoft.com/legal/axxonsoft-vulnerability-disclosure-policy/security-advisories - Vendor Advisory
CPE cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:a:axxonsoft:axxon_one:*:*:*:*:*:*:*:*
First Time Microsoft
Axxonsoft axxon One
Linux linux Kernel
Microsoft windows
Linux
Axxonsoft

08 Oct 2025, 12:15

Type Values Removed Values Added
Summary (en) Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at rest. (en) Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One (C-Werk) before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at rest.

11 Sep 2025, 17:14

Type Values Removed Values Added
New CVE
Information

Published : 2025-09-10 13:15

Updated : 2025-12-19 13:48

NVD link : CVE-2025-10227

Mitre link : CVE-2025-10227

CVE.ORG link : CVE-2025-10227

JSON object : View

Products Affected

linux

axxonsoft

microsoft

CWE
CWE-311

Missing Encryption of Sensitive Data