CVE-2025-10220
Outdated Third-Party NuGet Packages in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4
In short
AxxonSoft Axxon One VMS versions 2.0.0 to 2.0.4 use outdated third-party libraries with known security flaws, allowing remote attackers to execute malicious code or disable security protections. This happens because the software relies on unmaintained or vulnerable components that have not been updated.
Technical detail
CWE-1104 vulnerability affecting NuGet dependencies (Google.Protobuf, DynamicData, System.Runtime.CompilerServices.Unsafe, and others) in Axxon One VMS 2.0.0–2.0.4 on Windows. Remote attackers can exploit known vulnerabilities in these third-party packages to achieve arbitrary code execution or security feature bypass without authentication or user interaction required.
Summary generated and translated by AI from the official description.
Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows allows a remote attacker to execute arbitrary code or bypass security features via exploitation of vulnerable third-party packages such as Google.Protobuf, DynamicData, System.Runtime.CompilerServices.Unsafe, and others.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
AxxonSoft · AxxonOne C-WerkWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →