Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One (C-Werk) before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at rest.
References
| Link | Resource |
|---|---|
| https://www.axxonsoft.com/legal/axxonsoft-vulnerability-disclosure-policy/security-advisories | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
19 Dec 2025, 13:48
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Linux
Axxonsoft axxon One Microsoft Microsoft windows Axxonsoft Linux linux Kernel |
|
| References | () https://www.axxonsoft.com/legal/axxonsoft-vulnerability-disclosure-policy/security-advisories - Vendor Advisory | |
| CPE | cpe:2.3:a:axxonsoft:axxon_one:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
08 Oct 2025, 12:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One (C-Werk) before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at rest. |
10 Sep 2025, 13:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-09-10 13:15
Updated : 2025-12-19 13:48
NVD link : CVE-2025-10227
Mitre link : CVE-2025-10227
CVE.ORG link : CVE-2025-10227
JSON object : View
Products Affected
axxonsoft
- axxon_one
linux
- linux_kernel
microsoft
- windows
CWE
CWE-311
Missing Encryption of Sensitive Data