CVE-2025-10224
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-10
Last updated on: 2025-10-08
Assigner: AxxonSoft
Description
Description
Improper Authentication (CWE-287) in the LDAP authentication engine in AxxonSoft Axxon One (C-Werk) 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned roles via incorrect evaluation of nested LDAP group memberships during login.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| axxonsoft | axxon_one | to 2.0.2 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Improper Authentication issue in the LDAP authentication engine of AxxonSoft Axxon One 2.0.2 and earlier on Windows. It allows a remote authenticated user to be denied access or assigned incorrect roles due to incorrect evaluation of nested LDAP group memberships during login.
How can this vulnerability impact me? :
The vulnerability can impact you by causing legitimate users to be denied access or by assigning users incorrect roles, which may lead to unauthorized access or denial of service within the system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70