Memory Buffer Vulnerability in AxxonSoft Axxon One on Windows
CVE-2025-10225

8.7HIGH

Key Information:

Vendor: Axxonsoft
Status: Axxonone
Vendor: CVE Published:; 10 September 2025

What is CVE-2025-10225?

An improper restriction of operations within the bounds of a memory buffer in the OpenSSL-based session module of AxxonSoft Axxon One versions 2.0.6 and earlier on Windows can lead to significant security risks. This vulnerability allows remote attackers to exploit the application under high load conditions, potentially causing crashes or unpredictable behavior due to memory reallocation errors when managing expired session keys. Effective protective measures and prompt updates are crucial to mitigate this risk.

Affected Version(s)

AxxonOne Windows 0 <= 2.0.6

References

https://www.axxonsoft.com/legal/axxonsoft-vulnerability-d...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 10, 2025
Vulnerability Reserved
Sep 10, 2025

Credit

Reported internally during AxxonSoft performance and fault-injection testing.

Axxonsoft

What is CVE-2025-10225?

Affected Version(s)

References

CVSS V4

Timeline

Credit