cvedb.io
CVE-2025-10220
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2025-09-10T13:15:35.350 · Last modified 2026-06-17T08:27:55.587

Summary

Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows allows a remote attacker to execute arbitrary code or bypass security features via exploitation of vulnerable third-party packages such as Google.Protobuf, DynamicData, System.Runtime.CompilerServices.Unsafe, and others.

Affected products

axxonsoft — axxon_one

Does this affect you?

Add your gear to cvedb and we'll alert you only when axxonsoft ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.