CVE-2025-10226 — CRITICAL (9.8)

Q: How severe is CVE-2025-10226?

CVE-2025-10226 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2025-10226?

Check the references section above for vendor advisories and patch information. Affected products include: Axxonsoft Axxon One, Linux Linux Kernel, Microsoft Windows.

Vulnerability Description

Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via exploitation of multiple known CVEs present in PostgreSQL v10.x, which are resolved in PostgreSQL 17.4.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Axxonsoft	Axxon One	<= 2.0.8
Linux	Linux Kernel	-
Microsoft	Windows	-

References

https://www.axxonsoft.com/legal/axxonsoft-vulnerability-disclosure-policy/securiVendor Advisory
https://www.postgresql.org/docs/releaseRelease Notes

FAQ

What is CVE-2025-10226?

CVE-2025-10226 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileg...

How severe is CVE-2025-10226?

CVE-2025-10226 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-10226?

Check the references section above for vendor advisories and patch information. Affected products include: Axxonsoft Axxon One, Linux Linux Kernel, Microsoft Windows.