CVE-2025-10226
BaseFortify
Publication date: 2025-09-10
Last updated on: 2025-12-19
Assigner: AxxonSoft
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| axxonsoft | axxon_one | up to 2.0.8 (inclusive) |
| linux | linux_kernel | * |
| microsoft | windows | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-Other | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is due to the use of a vulnerable third-party component, specifically PostgreSQL version 10.x, within the AxxonSoft Axxon One 2.0.8 backend on Windows and Linux. It allows a remote attacker to exploit multiple known security issues in PostgreSQL 10.x to escalate privileges, execute arbitrary code, or cause a denial-of-service condition. These issues have been fixed in PostgreSQL version 17.4.
How can this vulnerability impact me?
If exploited, this vulnerability can allow a remote attacker to gain higher privileges than intended, run malicious code on the affected system, or disrupt service availability by causing denial-of-service. This can lead to unauthorized access, data compromise, or system downtime.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade PostgreSQL to version 17.4 or later, which resolves the multiple known CVEs present in PostgreSQL 10.x that this vulnerability covers.