CVE-2025-10221
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-10

Last updated on: 2025-12-19

Assigner: AxxonSoft

Description
Insertion of Sensitive Information into Log File (CWE-532) in the ARP Agent component in AxxonSoft Axxon One / AxxonNet / C-WerkNet 2.0.4 and earlier on Windows platforms allows a local attacker to obtain plaintext credentials via reading TRACE log files containing serialized JSON with passwords.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-10
Last Modified
2025-12-19
Generated
2026-06-16
AI Q&A
2025-09-10
EPSS Evaluated
2026-06-15
NVD
CVE-2025-10221
EUVD
EUVD-2025-27543
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
axxonsoft axxon_one to 2.0.4 (inc)
microsoft windows *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-532 The product writes sensitive information to a log file.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the insertion of sensitive information, specifically plaintext credentials, into log files by the ARP Agent component in AxxonSoft Axxon One / AxxonNet 2.0.4 and earlier on Windows. A local attacker can read TRACE log files that contain serialized JSON data including passwords, thereby obtaining these credentials.

Impact Analysis

The vulnerability allows a local attacker to access plaintext passwords by reading log files, which can lead to unauthorized access to systems or accounts. This compromises the confidentiality of credentials and may facilitate further attacks or data breaches.

Compliance Impact

This vulnerability can negatively impact compliance with standards such as GDPR and HIPAA because it involves exposure of sensitive personal or authentication data. Storing plaintext credentials in logs increases the risk of unauthorized data disclosure, which may violate data protection and privacy requirements.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10221. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart