CVE-2025-10227

MEDIUM
Published Sep 10, 2025 Modified Dec 19, 2025 CWE-311

Description

Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One (C-Werk) before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at rest.

CVSS v3.1 Score

4.6
MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weakness Type (CWE)

CWE-311 CWE-311

Affected Products

Vendor Product
axxonsoft axxon_one
linux linux_kernel
microsoft windows

References

Frequently Asked Questions

What is CVE-2025-10227? +
Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One (C-Werk) before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at rest. It has a CVSS v3.1 base score of 4.6 (MEDIUM).
How severe is CVE-2025-10227? +
CVE-2025-10227 has a CVSS v3.1 score of 4.6 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.
What products are affected by CVE-2025-10227? +
CVE-2025-10227 affects products from axxonsoft, linux, microsoft, specifically: axxon_one, linux_kernel, windows. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2025-10227? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-36751

Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X. This allows an attacker with access to …
CVE-2025-40680

Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT …
CVE-2024-7396

Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping.This issue affects JetPort 5601v3: through 1.2.
CVE-2024-38283

Sensitive customer information is stored in the device without encryption.
CVE-2025-47274

ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the …
CVE-2025-1243

The Temporal api-go library prior to version 1.44.1 did not send `update response` information to Data Converter when the proxy …

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-10227 — free, no signup required.

Start Free Scan