CVE-2025-10223 MEDIUM

CVE-2025-10223: Improper Session Cleanup on Role Removal in Web Admin Panel in AxxonSoft Axxon One (C-Werk)

Vendor Axxonsoft
Product AxxonOne C-Werk
Weakness CWE-613 · Insufficient session expiration
Published September 10, 2025
Last update October 8, 2025

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01 Description

Insufficient Session Expiration (CWE-613) in the Web Admin Panel in AxxonSoft Axxon One (C-Werk) prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session token until natural expiration.

Key dates

02 Disclosure timeline

September 10, 2025 CVE published
October 8, 2025 Record updated