CVE-2025-10220: CWE-1104: Use of Unmaintained Third Party Components in AxxonSoft AxxonOne C-Werk
Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows allows a remote attacker to execute arbitrary code or bypass security features via exploitation of vulnerable third-party packages such as Google.Protobuf, DynamicData, System.Runtime.CompilerServices.Unsafe, and others.
AI Analysis
Technical Summary
CVE-2025-10220 is a critical security vulnerability identified in AxxonSoft's AxxonOne C-Werk Video Management System (VMS) versions 2.0.0 through 2.0.4 on Windows platforms. The root cause is the use of unmaintained and vulnerable third-party NuGet components, including Google.Protobuf, DynamicData, and System.Runtime.CompilerServices.Unsafe. These components contain known security flaws that have not been patched or updated, leading to a CWE-1104 classification (Use of Unmaintained Third Party Components). This vulnerability allows a remote attacker to execute arbitrary code or bypass security mechanisms without requiring authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). The impact spans confidentiality, integrity, and availability, potentially enabling full system compromise. The vulnerability is exploitable over the network with low attack complexity. Although no exploits have been observed in the wild yet, the critical CVSS score of 9.8 underscores the urgency for remediation. The lack of available patches at the time of disclosure necessitates immediate risk mitigation through dependency management and network controls. Given the role of AxxonOne C-Werk in video surveillance and security operations, exploitation could severely disrupt security monitoring and incident response capabilities.
Potential Impact
For European organizations, the impact of CVE-2025-10220 is substantial. AxxonOne C-Werk is used in various sectors including public safety, transportation, critical infrastructure, and corporate security. Successful exploitation could lead to unauthorized access to video feeds, manipulation or deletion of surveillance data, and disruption of security operations. This compromises physical security and can facilitate further attacks such as espionage, sabotage, or unauthorized facility access. The integrity and availability of video management systems are critical for real-time monitoring and forensic investigations; thus, their compromise could delay incident detection and response. European entities relying on these systems for regulatory compliance and safety monitoring face legal and reputational risks. The vulnerability’s network-exploitable nature increases the attack surface, especially in interconnected environments. The absence of authentication requirements means attackers can exploit this remotely, potentially from outside organizational networks, increasing the threat to European organizations.
Mitigation Recommendations
1. Immediate inventory and assessment of AxxonOne C-Werk deployments to identify affected versions (2.0.0 through 2.0.4).
2. Engage with AxxonSoft for official patches or updates; prioritize applying them as soon as they become available.
3. Conduct a thorough review and update of all third-party NuGet dependencies used within the VMS environment to ensure they are maintained and patched.
4. Implement network segmentation to isolate VMS servers from general user networks and restrict access to trusted management hosts only.
5. Deploy intrusion detection and prevention systems (IDS/IPS) with signatures tuned to detect anomalous activity related to known vulnerable components.
6. Monitor network traffic for unusual connections or data exfiltration attempts involving VMS servers.
7. Enforce strict access controls and multi-factor authentication on management interfaces to reduce lateral movement risk.
8. Regularly back up VMS configurations and video data to enable recovery in case of compromise.
9. Conduct security awareness training for administrators on the risks of unmaintained dependencies and supply chain vulnerabilities.
10. Consider alternative VMS solutions with better security track records if patching is delayed or unsupported.
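Steps 1 and 3 above (inventory of affected product versions, review of the NuGet dependency set) are the parts a defender can script. The following is an added example, not AxxonSoft's tooling or anything from the advisory: it checks a product version against the 2.0.0 through 2.0.4 range the advisory names, parses the `PackageReference` entries of a `.csproj` file, and compares each package against a minimum-version policy. The `.csproj` content, the policy floors and the package versions in it are constructed placeholders; the real minimum-safe versions for Google.Protobuf, DynamicData, System.Runtime.CompilerServices.Unsafe and the rest must be taken from each package's own advisory. The version parser treats a prerelease (`2.0.0-beta`) as older than its release, which is NuGet's ordering and a common source of false "compliant" results in ad-hoc scripts.

```python
"""Audit NuGet package references against a minimum-version policy (added example)."""
import xml.etree.ElementTree as ET

# Affected product range named in the advisory: 2.0.0 through 2.0.4, inclusive.
AFFECTED_MIN = "2.0.0"
AFFECTED_MAX = "2.0.4"

# CONSTRUCTED sample .csproj. Package versions are placeholders, not real findings.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Google.Protobuf" Version="3.19.4" />
    <PackageReference Include="DynamicData" Version="7.1.1" />
    <PackageReference Include="System.Runtime.CompilerServices.Unsafe">
      <Version>4.5.2</Version>
    </PackageReference>
    <PackageReference Include="Example.Vendor.Sdk" Version="2.0.0-beta" />
    <PackageReference Include="Example.Compliant" Version="1.2.0" />
    <PackageReference Include="Example.Unreviewed" Version="0.9.0" />
  </ItemGroup>
</Project>"""

# CONSTRUCTED policy: package -> minimum acceptable version. Replace every floor
# with the fixed version from the upstream advisory before using this for real.
SAMPLE_POLICY = {
    "Google.Protobuf": "3.25.0",
    "DynamicData": "8.0.0",
    "System.Runtime.CompilerServices.Unsafe": "6.0.0",
    "Example.Vendor.Sdk": "2.0.0",
    "Example.Compliant": "1.0.0",
}


def parse_version(text):
    """Turn 'major.minor[.patch[.revision]][-prerelease][+build]' into a comparable tuple.

    Numeric parts compare numerically (3.10.0 > 3.9.9) and a prerelease sorts
    below the matching release (3.0.0-beta < 3.0.0), as NuGet orders them.
    """
    core, _, prerelease = text.strip().partition("-")
    core = core.split("+", 1)[0]  # build metadata does not affect ordering
    parts = core.split(".")
    if not parts or len(parts) > 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {text!r}")
    nums = tuple(int(p) for p in parts) + (0,) * (4 - len(parts))
    # (..., 0, "beta") < (..., 1, "") so the prerelease precedes its release
    return nums + ((0 if prerelease else 1), prerelease)


def is_affected_product_version(version):
    """True if the installed product version falls in the advisory's affected range."""
    return parse_version(AFFECTED_MIN) <= parse_version(version) <= parse_version(AFFECTED_MAX)


def _local(tag):
    """Strip an XML namespace; old-style csproj files carry the MSBuild namespace."""
    return tag.rsplit("}", 1)[-1]


def package_references(csproj_xml):
    """Return {package name: version} for every PackageReference in the project file."""
    refs = {}
    for elem in ET.fromstring(csproj_xml).iter():
        if _local(elem.tag) != "PackageReference":
            continue
        name, version = elem.get("Include"), elem.get("Version")
        if version is None:  # the version may be a child element instead of an attribute
            child = next((c for c in elem if _local(c.tag) == "Version"), None)
            version = child.text if child is not None else None
        if name and version:
            refs[name] = version.strip()
    return refs


def audit_csproj(csproj_xml, policy):
    """Compare each referenced package against the policy floor.

    Returns packages below their floor as (name, found, required) and packages
    the policy does not mention at all, since an unreviewed dependency is a gap too.
    """
    below_floor, unreviewed = [], []
    for name, found in sorted(package_references(csproj_xml).items()):
        floor = policy.get(name)
        if floor is None:
            unreviewed.append(name)
        elif parse_version(found) < parse_version(floor):
            below_floor.append((name, found, floor))
    return {"below_floor": below_floor, "unreviewed": unreviewed}


if __name__ == "__main__":
    for v in ("1.9.9", "2.0.0", "2.0.4", "2.0.5"):
        print(f"product {v}: {'AFFECTED' if is_affected_product_version(v) else 'not in range'}")
    result = audit_csproj(SAMPLE_CSPROJ, SAMPLE_POLICY)
    for name, found, floor in result["below_floor"]:
        print(f"BELOW FLOOR  {name} {found} (requires >= {floor})")
    for name in result["unreviewed"]:
        print(f"UNREVIEWED   {name}")
```

On a host with the .NET SDK installed, `dotnet list package --vulnerable` (and `--outdated`) against the solution gives the same kind of inventory from the package graph itself, including transitive references that a `.csproj` scan like this one does not see; the script is useful where the SDK is absent or where you want to enforce your own floors rather than rely on the advisory database the SDK queries.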
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: AxxonSoft
- Date Reserved: 2025-09-10T12:28:18.184Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68c172f9e55cc6e90da1b4bf
Added to database: 9/10/2025, 12:45:45 PM
Last enriched: 10/8/2025, 11:45:13 AM
Last updated: 10/30/2025, 9:50:39 AM