Remote Code Execution Risk in AxxonSoft Axxon One VMS by AxxonSoft
CVE-2025-10220

9.3CRITICAL

Key Information:

Vendor: Axxonsoft
Status: Axxonone
Vendor: CVE Published:; 10 September 2025

What is CVE-2025-10220?

AxxonSoft Axxon One VMS versions 2.0.0 to 2.0.4 are vulnerable due to the use of unmaintained third-party components. This weakness allows remote attackers to execute arbitrary code or bypass security features by exploiting vulnerabilities present in outdated NuGet packages like Google.Protobuf, DynamicData, and System.Runtime.CompilerServices.Unsafe. Ensuring that all dependencies are up-to-date and maintained is crucial to mitigate such risks.

Affected Version(s)

AxxonOne Windows 2.0.0 <= 2.0.4

References

https://www.axxonsoft.com/legal/axxonsoft-vulnerability-d...

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 10, 2025
Vulnerability Reserved
Sep 10, 2025

Credit

This issue was identified internally by AxxonSoft QA and Development teams as part of dependency maintenance and security hardening.

Axxonsoft

What is CVE-2025-10220?

Affected Version(s)

References

CVSS V4

Timeline

Credit