Vulnerability Database

308,379

Total vulnerabilities in the database

CVE-2025-10224

Improper Authentication (CWE-287) in the LDAP authentication engine in AxxonSoft Axxon One (C-Werk) 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned roles via incorrect evaluation of nested LDAP group memberships during login.

Published: Sep 10, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-10224
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
axxonsoft / axxon_one	-	2.0.2.x

https://www.axxonsoft.com/legal/axxonsoft-vulnerability-disclosure-policy/security-advisories

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo