Privilege Escalation and Code Execution Vulnerability in AxxonSoft Axxon One
CVE-2025-10226

9.3CRITICAL

Key Information:

Vendor: Axxonsoft
Status: Axxonone
Vendor: CVE Published:; 10 September 2025

What is CVE-2025-10226?

AxxonSoft Axxon One versions 2.0.8 and earlier on both Windows and Linux platforms are susceptible to a vulnerability due to reliance on a vulnerable third-party component. An attacker can exploit multiple known CVEs in PostgreSQL v10.x to escalate privileges, execute arbitrary code, or create a denial-of-service condition. It is crucial to upgrade to PostgreSQL 17.4, which mitigates these security issues.

Affected Version(s)

AxxonOne Windows 0 <= 2.0.8

References

https://www.axxonsoft.com/legal/axxonsoft-vulnerability-d...

https://www.postgresql.org/docs/release

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 10, 2025
Vulnerability Reserved
Sep 10, 2025

Credit

Implemented internally by the AxxonSoft DevOps and QA Security teams.

Axxonsoft

What is CVE-2025-10226?

Affected Version(s)

References

CVSS V4

Timeline

Credit