CVE-2025-10224

Опубликовано: 10 сент. 2025

Источник: nvd

CVSS3: 5.4

CVSS3: 7.1

EPSS Низкий

Описание

Improper Authentication (CWE-287) in the LDAP authentication engine in AxxonSoft Axxon One (C-Werk) 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned roles via incorrect evaluation of nested LDAP group memberships during login.

Ссылки

https://www.axxonsoft.com/legal/axxonsoft-vulnerability-disclosure-policy/security-advisories
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:axxonsoft:axxon_one:*:*:*:*:*:windows:*:*

Версия до 2.0.2 (включая)

EPSS

Процентиль: 49%

0.00257

Низкий

5.4 Medium

CVSS3

7.1 High

CVSS3

Дефекты

CWE-287

NVD-CWE-noinfo

Связанные уязвимости

GHSA-fhmm-mwc4-3cvj

CVSS3: 5.4

github

5 месяцев назад

Improper Authentication (CWE-287) in the LDAP authentication engine in AxxonSoft Axxon One 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned roles via incorrect evaluation of nested LDAP group memberships during login.

EPSS

Процентиль: 49%

0.00257

Низкий

5.4 Medium

CVSS3

7.1 High

CVSS3

Дефекты

CWE-287

NVD-CWE-noinfo