CVE-2025-10224 MEDIUM

CVE-2025-10224: Incorrect Evaluation of LDAP Nested Groups during Login in AxxonSoft Axxon One (C-Werk)

Vendor Axxonsoft
Product AxxonOne C-Werk
Weakness CWE-287 · Improper authentication
Published September 10, 2025
Last update October 8, 2025

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low
Availability Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01 Description

Improper Authentication (CWE-287) in the LDAP authentication engine in AxxonSoft Axxon One (C-Werk) 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned roles via incorrect evaluation of nested LDAP group memberships during login.

Key dates

02 Disclosure timeline

September 10, 2025 CVE published
October 8, 2025 Record updated