Unrated severityNVD Advisory· Published Sep 10, 2025· Updated Oct 8, 2025

PostgreSQL Upgrade from v10 to v17.4 in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier to Address Multiple Vulnerabilities

CVE-2025-10226

Description

Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via exploitation of multiple known CVEs present in PostgreSQL v10.x, which are resolved in PostgreSQL 17.4.

Affected products

AxxonSoft/Axxon One (C-Werk)llm-fuzzy
Range: <=2.0.8
AxxonSoft/AxxonOne C-Werkv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.axxonsoft.com/legal/axxonsoft-vulnerability-disclosure-policy/security-advisoriesmitre
www.postgresql.org/docs/releasemitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000