axxonsoft CVE Vulnerabilities & Metrics

Focus on axxonsoft vulnerabilities and metrics.

Last updated: 16 Jan 2026, 23:25 UTC

About axxonsoft Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with axxonsoft. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total axxonsoft CVEs: 5
Earliest CVE date: 27 Feb 2018, 21:29 UTC
Latest CVE date: 10 Sep 2025, 13:15 UTC

Latest CVE reference: CVE-2025-10227

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 4

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical axxonsoft CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 1.0

Max CVSS: 5.0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	4
4.0-6.9	1
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS axxonsoft CVEs

These are the five CVEs with the highest CVSS scores for axxonsoft, sorted by severity first and recency.

CVE-2018-7467 axxonsoft Published on 27 Feb 2018, 21:29 UTC (CVSS: 5.0)
AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI.
CVE-2025-10227 axxonsoft Published on 10 Sep 2025, 13:15 UTC (CVSS: 0)
Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One (C-Werk) before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at rest.
CVE-2025-10226 axxonsoft Published on 10 Sep 2025, 13:15 UTC (CVSS: 0)
Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via exploitation of multiple known CVEs present in PostgreSQL v10.x, which are resolved in PostgreSQL 17.4.
CVE-2025-10221 axxonsoft Published on 10 Sep 2025, 13:15 UTC (CVSS: 0)
Insertion of Sensitive Information into Log File (CWE-532) in the ARP Agent component in AxxonSoft Axxon One / AxxonNet / C-WerkNet 2.0.4 and earlier on Windows platforms allows a local attacker to obtain plaintext credentials via reading TRACE log files containing serialized JSON with passwords.
CVE-2025-10220 axxonsoft Published on 10 Sep 2025, 13:15 UTC (CVSS: 0)
Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows allows a remote attacker to execute arbitrary code or bypass security features via exploitation of vulnerable third-party packages such as Google.Protobuf, DynamicData, System.Runtime.CompilerServices.Unsafe, and others.

All CVEs for axxonsoft

CVE-2025-10227 axxonsoft vulnerability CVSS: 0 10 Sep 2025, 13:15 UTC

Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One (C-Werk) before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at rest.

CVE-2025-10226 axxonsoft vulnerability CVSS: 0 10 Sep 2025, 13:15 UTC

Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via exploitation of multiple known CVEs present in PostgreSQL v10.x, which are resolved in PostgreSQL 17.4.

CVE-2025-10221 axxonsoft vulnerability CVSS: 0 10 Sep 2025, 13:15 UTC

Insertion of Sensitive Information into Log File (CWE-532) in the ARP Agent component in AxxonSoft Axxon One / AxxonNet / C-WerkNet 2.0.4 and earlier on Windows platforms allows a local attacker to obtain plaintext credentials via reading TRACE log files containing serialized JSON with passwords.

CVE-2025-10220 axxonsoft vulnerability CVSS: 0 10 Sep 2025, 13:15 UTC

Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows allows a remote attacker to execute arbitrary code or bypass security features via exploitation of vulnerable third-party packages such as Google.Protobuf, DynamicData, System.Runtime.CompilerServices.Unsafe, and others.

CVE-2018-7467 axxonsoft vulnerability CVSS: 5.0 27 Feb 2018, 21:29 UTC

AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI.