CVE-2025-10226

PostgreSQL Upgrade from v10 to v17.4 in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier to Address Multiple Vulnerabilities

CVSS 9.3 CRITICAL | EPSS 0.6% | CWE-1395
In short

AxxonSoft Axxon One uses an outdated version of PostgreSQL (v10) that contains multiple known security vulnerabilities. A remote attacker can exploit these flaws to gain unauthorized access, run malicious code, or crash the system.

Technical detail

CWE-1395 vulnerability: the application depends on PostgreSQL v10.x, which contains multiple unpatched CVEs. Remote attackers can exploit these known vulnerabilities in the PostgreSQL backend to achieve privilege escalation, arbitrary code execution, or denial-of-service without requiring local access. Upgrading to PostgreSQL 17.4 eliminates the vulnerable components.

Summary generated and translated by AI from the official description.
Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via exploitation of multiple known CVEs present in PostgreSQL v10.x, which are resolved in PostgreSQL 17.4.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
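
To check a deployment against the versions named above, the following added example (not AxxonSoft or PostgreSQL code) classifies the version string a PostgreSQL backend reports. The status names and sample strings are constructed for illustration; anything that is neither 10.x nor at least 17.4 is only marked as below the advisory's stated target, since the page makes no claim about those releases.

```python
import re

AFFECTED_MAJOR = 10   # advisory: PostgreSQL v10.x carries the known CVEs
TARGET = (17, 4)      # advisory: issues are resolved in PostgreSQL 17.4


def parse_pg_version(text):
    """Return (major, minor) from a version banner or a server_version_num."""
    text = text.strip()
    if text.isdigit() and len(text) >= 5:
        num = int(text)
        if num >= 100000:                      # 10 and later: major*10000 + minor
            return num // 10000, num % 10000
        return num // 10000, num // 100 % 100  # 9.x and earlier: 90624 -> (9, 6)
    match = re.search(r"(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"no PostgreSQL version found in {text!r}")
    return int(match.group(1)), int(match.group(2))


def classify(text):
    """Map a reported version to the advisory's wording (hypothetical labels)."""
    version = parse_pg_version(text)
    if version[0] == AFFECTED_MAJOR:
        return "affected"        # the 10.x line the advisory names
    if version < TARGET:
        return "below-target"    # not 10.x, but older than the stated fix
    return "at-or-above-target"


# Constructed sample outputs of `SELECT version()`, `postgres -V`,
# `SHOW server_version` and `SHOW server_version_num`.
SAMPLES = [
    "PostgreSQL 10.23 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 8.5.0, 64-bit",
    "postgres (PostgreSQL) 17.4",
    "17.4 (Debian 17.4-1.pgdg120+2)",
    "100023",
    "170004",
    "16.3",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):20} {sample}")
```

Run it against the output collected from each host's bundled database rather than the system package list, because the product may ship its own PostgreSQL binaries.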
