CVE-2025-10223

Summary

Insufficient Session Expiration (CWE-613) in the Web Admin Panel in AxxonSoft Axxon One (C-Werk) prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session token until natural expiration.

Affected Software

VendorProductVersion RangeStatus
AxxonSoftAxxonOne C-Werk0 <= 2.0.3affected

Weaknesses

  • CWE-613: CWE-613 Insufficient Session Expiration

Workarounds

On earlier versions, administrators should manually log out users when changing access rights.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References