{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-10224","assignerOrgId":"15ede60e-6fda-426e-be9c-e788f151a377","state":"PUBLISHED","assignerShortName":"AxxonSoft","dateReserved":"2025-09-10T12:35:55.091Z","datePublished":"2025-09-10T12:36:22.954Z","dateUpdated":"2025-10-08T11:50:36.640Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Windows"],"product":"AxxonOne C-Werk","vendor":"AxxonSoft","versions":[{"lessThanOrEqual":"2.0.2","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Resolved internally by the AxxonSoft QA and directory integration teams."}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Improper Authentication (CWE-287) in the LDAP authentication engine in AxxonSoft Axxon One (C-Werk) 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned roles via incorrect evaluation of nested LDAP group memberships during login.\n\n<br>"}],"value":"Improper Authentication (CWE-287) in the LDAP authentication engine in AxxonSoft Axxon One (C-Werk) 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned roles via incorrect evaluation of nested LDAP group memberships during login."}],"impacts":[{"capecId":"CAPEC-114","descriptions":[{"lang":"en","value":"CAPEC-114: Authentication Bypass"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":5.4,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":5.3,"baseSeverity":"MEDIUM","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"LOW","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-287","description":"CWE-287: Improper Authentication","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"15ede60e-6fda-426e-be9c-e788f151a377","shortName":"AxxonSoft","dateUpdated":"2025-10-08T11:50:36.640Z"},"references":[{"url":"https://www.axxonsoft.com/legal/axxonsoft-vulnerability-disclosure-policy/security-advisories"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Upgrade to <strong>Axxon One 2.0.2 (C-Werk) or later</strong>, where LDAP resolution logic was updated to recursively parse and flatten nested group structures before evaluating role binding.&nbsp;\n\nEnsure external LDAP directory structures are regularly audited for correct nesting and role mapping.\n\nNote: the affected range in this record includes 2.0.2 itself, so confirm the exact fixed build against the vendor advisory before treating a 2.0.2 installation as remediated.\n\n<br>"}],"value":"Upgrade to Axxon One 2.0.2 (C-Werk) or later, where LDAP resolution logic was updated to recursively parse and flatten nested group structures before evaluating role binding. \n\nEnsure external LDAP directory structures are regularly audited for correct nesting and role mapping.\n\nNote: the affected range in this record includes 2.0.2 itself, so confirm the exact fixed build against the vendor advisory before treating a 2.0.2 installation as remediated."}],"source":{"discovery":"UNKNOWN"},"title":"Incorrect Evaluation of LDAP Nested Groups during Login in AxxonSoft Axxon One (C-Werk)","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-09-10T13:13:20.368781Z","id":"CVE-2025-10224","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-10T13:13:47.948Z"}}]}}