CVE-2025-10221
BaseFortify
Publication date: 2025-09-10
Last updated on: 2025-12-19
Assigner: AxxonSoft
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| axxonsoft | axxon_one | up to 2.0.4 (inclusive) |
| microsoft | windows | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-532 | The product writes sensitive information to a log file. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the insertion of sensitive information, specifically plaintext credentials, into log files by the ARP Agent component in AxxonSoft Axxon One / AxxonNet 2.0.4 and earlier on Windows. A local attacker can read TRACE log files that contain serialized JSON data including passwords, thereby obtaining these credentials.
How can this vulnerability impact me?
The vulnerability allows a local attacker to access plaintext passwords by reading log files, which can lead to unauthorized access to systems or accounts. This compromises the confidentiality of credentials and may facilitate further attacks or data breaches.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability can negatively impact compliance with standards such as GDPR and HIPAA because it involves exposure of sensitive personal or authentication data. Storing plaintext credentials in logs increases the risk of unauthorized data disclosure, which may violate data protection and privacy requirements.