CVE-2025-10223 | Vulnerability Database

NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-10223
CWE	https://cwe.mitre.org/data/definitions/613.html

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-10223

CWE

https://cwe.mitre.org/data/definitions/613.html

Insufficient Session Expiration (CWE-613) in the Web Admin Panel in AxxonSoft Axxon One prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session token until natural expiration.

Weakness

According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”

Potential Mitigations

References

https://www.axxonsoft.com/legal/axxonsoft-vulnerability-disclosure-policy/security-advisories