CVE-2025-10226

Summary

Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via exploitation of multiple known CVEs present in PostgreSQL v10.x, which are resolved in PostgreSQL 17.4.

Affected Software

VendorProductVersion RangeStatus
AxxonSoftAxxonOne C-Werk0 <= 2.0.8affected

Weaknesses

  • CWE-1395: CWE-1395: Dependency on Vulnerable Third-Party Component

Workarounds

For environments unable to upgrade immediately, limit database exposure (network segmentation, firewalling).

Regularly monitor PostgreSQL security advisories for backported patches.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References