
Description

Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows allows a remote attacker to execute arbitrary code or bypass security features via exploitation of vulnerable third-party packages such as Google.Protobuf, DynamicData, System.Runtime.CompilerServices.Unsafe, and others.

PUBLISHED | Reserved 2025-09-10 | Published 2025-09-10 | Updated 2025-10-08 | Assigner AxxonSoft




CRITICAL: 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CRITICAL: 9.3 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-1104: Use of Unmaintained Third Party Components

Product status

Default status
unaffected

2.0.0 (semver)
affected

Credits

This issue was identified internally by AxxonSoft QA and Development teams as part of dependency maintenance and security hardening. (finder)

References

www.axxonsoft.com/...y-disclosure-policy/security-advisories

cve.org (CVE-2025-10220)

nvd.nist.gov (CVE-2025-10220)
