CVE-2025-10220
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code or bypass security features in AxxonSoft Axxon One VMS by exploiting unmaintained third-party NuGet packages. Systems running Axxon One VMS versions 2.0.0 through 2.0.4 on Windows are affected.
💻 Affected Systems
- AxxonSoft Axxon One VMS
📦 What is this software?
Axxon One by Axxonsoft
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with remote code execution leading to data theft, ransomware deployment, or persistent backdoor installation.
Likely Case
Remote code execution allowing attackers to gain control of the VMS system, access surveillance feeds, and pivot to other network systems.
If Mitigated
Limited impact with proper network segmentation, application whitelisting, and strict access controls preventing exploitation.
🎯 Exploit Status
Exploitation leverages known vulnerabilities in third-party packages, making it relatively straightforward for attackers with knowledge of those vulnerabilities.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.5 or later
Vendor Advisory: https://www.axxonsoft.com/legal/axxonsoft-vulnerability-disclosure-policy/security-advisories
Restart Required: Yes
Instructions:
1. Download Axxon One VMS version 2.0.5 or later from official vendor sources.
2. Back up the current configuration and data.
3. Run the installer to upgrade.
4. Restart the system.
5. Verify the update succeeded with a version check.
🔧 Temporary Workarounds
Network Segmentation
All platforms: Isolate Axxon One VMS systems from the internet and restrict network access to only the necessary ports and services.
Application Whitelisting
Windows: Implement application control policies to prevent execution of unauthorized binaries.
🧯 If You Can't Patch
- Implement strict network access controls and firewall rules to limit exposure
- Deploy intrusion detection systems and monitor for suspicious activity targeting the VMS
🔍 How to Verify
Check if Vulnerable:
Check Axxon One VMS version in the application interface or installation directory. Versions 2.0.0-2.0.4 are vulnerable.
Check Version:
Check the version in Axxon One VMS interface under Help > About or examine the installation directory properties.
Verify Fix Applied:
Verify the version shows 2.0.5 or higher and check that third-party packages have been updated to secure versions.
📡 Detection & Monitoring
Log Indicators:
- Unusual process creation from Axxon One services
- Failed authentication attempts followed by successful exploitation
- Unexpected network connections from VMS system
Network Indicators:
- Unusual outbound connections from VMS system
- Exploit traffic patterns targeting known third-party vulnerabilities
- Command and control beaconing
SIEM Query:
source="axxon_vms" AND ((event_type="process_creation" AND process_name NOT IN ("expected_processes")) OR (event_type="network_connection" AND dest_ip NOT IN ("allowed_ips")))
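As an added example, not AxxonSoft's code or the page's own, the script below encodes the affected range from this advisory (2.0.0 through 2.0.4, fixed in 2.0.5) as a version check and applies the SIEM query's logic to constructed sample events; the process names, IP addresses and the "vms_service.exe" name are placeholders, not real Axxon One values.

```python
"""Version-range check and SIEM-query logic for CVE-2025-10220 (added example)."""

# Affected range stated in the advisory: 2.0.0 through 2.0.4; fixed in 2.0.5.
AFFECTED_MIN = (2, 0, 0)
FIXED_IN = (2, 0, 5)


def parse_version(text):
    """Turn a dotted version string such as '2.0.4' into a 3-int tuple.
    Extra components are ignored; missing ones are treated as 0."""
    parts = [int(p) for p in text.strip().split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def is_vulnerable(version):
    """True if the installed version lies in [2.0.0, 2.0.5)."""
    return AFFECTED_MIN <= parse_version(version) < FIXED_IN


def flag_events(events, expected_processes, allowed_ips):
    """Apply the advisory's SIEM query: source axxon_vms AND
    (process creation not in the expected set OR
     network connection to a destination not in the allowed set)."""
    hits = []
    for ev in events:
        if ev.get("source") != "axxon_vms":
            continue
        unexpected_proc = (ev.get("event_type") == "process_creation"
                           and ev.get("process_name") not in expected_processes)
        unexpected_net = (ev.get("event_type") == "network_connection"
                          and ev.get("dest_ip") not in allowed_ips)
        if unexpected_proc or unexpected_net:
            hits.append(ev)
    return hits


# Constructed sample telemetry and placeholder allowlists (not real values).
EXPECTED_PROCESSES = {"vms_service.exe"}
ALLOWED_IPS = {"10.0.0.5"}
SAMPLE_EVENTS = [
    {"source": "axxon_vms", "event_type": "process_creation", "process_name": "vms_service.exe"},
    {"source": "axxon_vms", "event_type": "process_creation", "process_name": "powershell.exe"},
    {"source": "axxon_vms", "event_type": "network_connection", "dest_ip": "10.0.0.5"},
    {"source": "axxon_vms", "event_type": "network_connection", "dest_ip": "203.0.113.7"},
    {"source": "other_host", "event_type": "process_creation", "process_name": "powershell.exe"},
]


def run_sample():
    """Return the sample events the query would surface (expected: two)."""
    return flag_events(SAMPLE_EVENTS, EXPECTED_PROCESSES, ALLOWED_IPS)


if __name__ == "__main__":
    print("2.0.4 vulnerable:", is_vulnerable("2.0.4"), "| 2.0.5 vulnerable:", is_vulnerable("2.0.5"))
    for hit in run_sample():
        print("ALERT", hit)
```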