Home

Description

Insertion of Sensitive Information into Log File (CWE-532) in the ARP Agent component in AxxonSoft Axxon One / AxxonNet / C-WerkNet 2.0.4 and earlier on Windows platforms allows a local attacker to obtain plaintext credentials via reading TRACE log files containing serialized JSON with passwords.

PUBLISHED Reserved 2025-09-10 | Published 2025-09-10 | Updated 2025-10-08 | Assigner AxxonSoft




MEDIUM: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

MEDIUM: 6.7CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-532 Insertion of Sensitive Information into Log File

Product status

Default status
unaffected

Any version
affected

Credits

This vulnerability was discovered internally by the AxxonSoft development and QA team. finder

References

www.axxonsoft.com/...y-disclosure-policy/security-advisories

cve.org (CVE-2025-10221)

nvd.nist.gov (CVE-2025-10221)

Download JSON