CVE-2025-10225 HIGH

CVE-2025-10225: Incorrect Memory Allocation in OpenSSL-Based Session Module in AxxonSoft Axxon One (C-Werk)

Vendor Axxonsoft
Product AxxonOne C-Werk
Weakness CWE-119
Published September 10, 2025
Last update October 8, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) in the OpenSSL-based session module in AxxonSoft Axxon One (C-Werk) 2.0.6 and earlier on Windows allows a remote attacker under high load conditions to cause application crashes or unpredictable behavior via triggering memory reallocation errors when handling expired session keys.

Key dates

02Disclosure timeline

September 10, 2025 CVE published
October 8, 2025 Record updated