CVE-2025-10221: CWE-532 Insertion of Sensitive Information into Log File in AxxonSoft AxxonNet ARP Agent C-WerkNet
Insertion of Sensitive Information into Log File (CWE-532) in the ARP Agent component in AxxonSoft Axxon One / AxxonNet / C-WerkNet 2.0.4 and earlier on Windows platforms allows a local attacker to obtain plaintext credentials via reading TRACE log files containing serialized JSON with passwords.
AI Analysis
Technical Summary
CVE-2025-10221 is a vulnerability classified under CWE-532, which pertains to the insertion of sensitive information into log files. The affected product is the ARP Agent component of AxxonSoft's Axxon One / AxxonNet / C-WerkNet version 2.0.4 and earlier running on Windows platforms. The vulnerability arises because the software logs serialized JSON data containing plaintext passwords into TRACE-level log files. These log files are accessible to local users with limited privileges, allowing them to read sensitive credentials without needing elevated permissions or user interaction. The vulnerability does not affect the integrity or availability of the system but compromises confidentiality by exposing authentication secrets. The CVSS 3.1 base score is 5.5, reflecting a local attack vector (AV:L), low attack complexity (AC:L), requiring low privileges (PR:L), no user interaction (UI:N), unchanged scope (S:U), high confidentiality impact (C:H), and no impact on integrity or availability (I:N/A:N). No patches or known exploits have been reported at the time of publication. This vulnerability highlights the risk of improper logging practices that can inadvertently expose sensitive information to unauthorized local users.
Potential Impact
For European organizations, this vulnerability poses a confidentiality risk by potentially exposing plaintext credentials stored in log files to local attackers. This could lead to unauthorized access if attackers leverage these credentials to escalate privileges or move laterally within networks. Organizations in sectors such as critical infrastructure, government, transportation, and security—where AxxonSoft products are commonly deployed—may face increased risk. The vulnerability does not directly affect system availability or integrity but could facilitate further attacks if credentials are compromised. Since exploitation requires local access with limited privileges, the threat is more significant in environments where endpoint security is weak or where multiple users share systems. Additionally, compliance with European data protection regulations (e.g., GDPR) may be impacted if sensitive credentials are exposed, potentially leading to legal and reputational consequences.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should implement strict access controls on log files, ensuring that only authorized administrators can read TRACE-level logs. Disable or limit TRACE logging in production environments to reduce exposure of sensitive data. Regularly audit and monitor log file permissions and access patterns to detect unauthorized access attempts. Employ endpoint security solutions that restrict local user capabilities and prevent unauthorized file reads. Consider encrypting sensitive configuration files and credentials to reduce the risk of exposure. Coordinate with AxxonSoft for updates or patches addressing this issue, and apply them promptly once available. Additionally, implement network segmentation and least privilege principles to limit the impact of compromised credentials. Educate local users and administrators about the risks of local privilege escalation and sensitive data exposure in logs.
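An added example, not AxxonSoft code or part of the original advisory: a defender-side audit that finds JSON objects embedded in log lines, reports which keys carry secret values (never the values themselves), and produces a redacted copy of each line. The log layout, the sample lines, the `ArpAgent` tag and the key-name pattern are assumptions constructed for illustration.

```python
import json
import re

# Key names treated as secrets (assumption; extend for your deployment).
SENSITIVE_KEY = re.compile(r"passw(or)?d|pwd|secret|token|api[_-]?key", re.I)
MASK = "***REDACTED***"
_DECODER = json.JSONDecoder()
# Constructed sample lines; the real ARP Agent log layout is not given on the page.
SAMPLE = [
    '2025-01-01 00:00:00.000 TRACE ArpAgent request={"host":"192.0.2.10","login":"svc_arp","password":"constructed-secret"}',
    '2025-01-01 00:00:00.100 TRACE ArpAgent scan {range} done, devices={"count":3}',
    '2025-01-01 00:00:00.200 INFO ArpAgent heartbeat ok',
]

def _mask(node, hits, path=""):
    """Copy node with sensitive string values masked; append their key paths to hits."""
    if isinstance(node, dict):
        out = {}
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if SENSITIVE_KEY.search(key) and isinstance(value, str) and value:
                hits.append(here)
                out[key] = MASK
            else:
                out[key] = _mask(value, hits, here)
        return out
    if isinstance(node, list):
        return [_mask(v, hits, f"{path}[{i}]") for i, v in enumerate(node)]
    return node

def redact_line(line):
    """Return (redacted_line, key_paths) for every JSON object embedded in one line."""
    out, hits, pos = [], [], 0
    while (start := line.find("{", pos)) != -1:
        try:
            obj, end = _DECODER.raw_decode(line, start)
        except json.JSONDecodeError:
            out.append(line[pos:start + 1])  # not JSON: keep the text, skip the brace
            pos = start + 1
            continue
        out.append(line[pos:start])
        # Re-serialised compactly; whitespace inside the object may differ from the input.
        out.append(json.dumps(_mask(obj, hits), separators=(",", ":"), ensure_ascii=False))
        pos = end
    out.append(line[pos:])
    return "".join(out), hits

def audit(lines):
    """Return [(line_number, key_paths)] for lines that carry secret values."""
    return [(n, hits) for n, line in enumerate(lines, 1)
            if (hits := redact_line(line)[1])]
```

Any credential that `audit` flags has already been written to disk in plaintext and should be rotated; redacting the file afterwards does not undo that exposure.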
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: AxxonSoft
- Date Reserved: 2025-09-10T12:31:11.920Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68c172f9e55cc6e90da1b4c2
Added to database: 9/10/2025, 12:45:45 PM
Last enriched: 10/8/2025, 11:44:40 AM
Last updated: 10/30/2025, 2:15:27 PM