Missing Encryption Vulnerability in AxxonSoft Axxon One for Windows and Linux
CVE-2025-10227

5.1MEDIUM

Key Information:

Vendor: Axxonsoft
Status: Axxonone
Vendor: CVE Published:; 10 September 2025

What is CVE-2025-10227?

The Object Archive component in AxxonSoft Axxon One prior to version 2.0.8 presents a significant security risk due to missing encryption of sensitive data. This vulnerability permits local attackers, who have access to exported storage devices or compromised physical drives, to extract sensitive archive data in an unencrypted format. Without adequate encryption measures in place, sensitive information could be exposed, posing a considerable risk to data confidentiality and integrity.

Affected Version(s)

AxxonOne Windows 0 <= 2.0.8

References

https://www.axxonsoft.com/legal/axxonsoft-vulnerability-d...

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 10, 2025
Vulnerability Reserved
Sep 10, 2025

Credit

Security improvement delivered internally by the AxxonSoft storage engineering group.

Axxonsoft

What is CVE-2025-10227?

Affected Version(s)

References

CVSS V4

Timeline

Credit