CVE-2025-10223 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-10223

CWE

https://cwe.mitre.org/data/definitions/613.html

Insufficient Session Expiration (CWE-613) in the Web Admin Panel in AxxonSoft Axxon One (C-Werk) prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session token until natural expiration.

Weakness

According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”

Affected Software

Name	Vendor	Start Version	End Version
Axxon_one	Axxonsoft	*	2.0.2 (including)

Potential Mitigations

References

https://www.axxonsoft.com/legal/axxonsoft-vulnerability-disclosure-policy/security-advisories