CVE-2025-10221: CWE-532 Insertion of Sensitive Information into Log File in AxxonSoft AxxonNet ARP Agent
Insertion of Sensitive Information into Log File (CWE-532) in the ARP Agent component in AxxonSoft Axxon One / AxxonNet 2.0.4 and earlier on Windows platforms allows a local attacker to obtain plaintext credentials via reading TRACE log files containing serialized JSON with passwords.
AI Analysis
Technical Summary
CVE-2025-10221 is a medium-severity vulnerability classified under CWE-532 (insertion of sensitive information into log files). It affects the ARP Agent component of AxxonSoft's Axxon One / AxxonNet versions 2.0.4 and earlier running on Windows platforms. The ARP Agent writes sensitive data, including plaintext credentials, to TRACE log files: the logs contain serialized JSON objects that include passwords, so any local user with read permission on the log files can obtain them. Exploitation requires local access with low privileges and no user interaction. The CVSS 3.1 base score is 5.5 (medium), with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N: local attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, high confidentiality impact, and no impact on integrity or availability. No known exploits are currently in the wild, and no patches have been published at the time of disclosure. The core issue is the insecure handling of credentials in logs, which leads to unauthorized disclosure if an attacker gains local access to the system and can read the TRACE log files. The vulnerability does not allow remote exploitation or direct system compromise, but it can facilitate credential theft and subsequent lateral movement or privilege escalation within the affected environment.
Potential Impact
For European organizations using AxxonSoft Axxon One / AxxonNet 2.0.4 or earlier on Windows, this vulnerability poses a risk of credential exposure to local attackers. In environments where multiple users have local access or where endpoint security is weak, an attacker could leverage this vulnerability to obtain plaintext passwords from log files, potentially leading to unauthorized access to the AxxonNet system or other connected resources. This could compromise the confidentiality of surveillance or security management systems, which are critical in sectors such as transportation, public safety, and critical infrastructure. Although the vulnerability does not directly impact system integrity or availability, the exposure of credentials can facilitate further attacks, including privilege escalation and lateral movement. European organizations with strict data protection regulations (e.g., GDPR) must consider the risk of sensitive information leakage and the potential regulatory consequences of such a breach. The impact is heightened in environments where local user access controls are insufficient or where log files are not properly secured or monitored.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should implement the following specific measures:
1) Restrict local access to systems running AxxonNet ARP Agent to trusted personnel only, minimizing the risk of unauthorized local users reading sensitive logs.
2) Immediately audit and secure TRACE log files by setting strict file permissions to prevent unauthorized read access.
3) Monitor and review log files regularly for sensitive information leakage and consider disabling TRACE-level logging if not essential for troubleshooting.
4) Implement endpoint security controls such as application whitelisting and host-based intrusion detection to detect and prevent unauthorized access to log files.
5) Segregate systems running AxxonNet components within secure network zones with limited user access.
6) Engage with AxxonSoft for updates or patches addressing this vulnerability and plan for timely deployment once available.
7) Educate system administrators and users about the risks of local credential exposure and enforce strong password policies and multi-factor authentication to reduce the impact of compromised credentials.
8) Consider encrypting sensitive log data or using secure logging mechanisms that avoid storing plaintext credentials.
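For measure 3, a log review can be automated. The following is an added example, not AxxonSoft code: it finds JSON objects embedded in log lines, reports the key paths that hold credentials (never the values), and produces a redacted copy of each line. The log layout, the sample lines and the list of sensitive key names are assumptions, since the page does not document the real TRACE format.

```python
import json
import re

# Assumed list of credential-like key names; extend it for your deployment.
SENSITIVE = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key", re.IGNORECASE)
DECODER = json.JSONDecoder()

# Constructed sample lines: the real TRACE log layout is not given on the page.
SAMPLE = [
    '2025-09-10 12:00:01 TRACE request sent {"host": "cam-01", "user": "operator", "password": "example-only"}',
    '2025-09-10 12:00:02 TRACE heartbeat {"host": "cam-01", "status": "ok"}',
    '2025-09-10 12:00:03 TRACE config {"devices": [{"name": "nvr", "auth": {"login": "svc", "Password": "example-only-2"}}]}',
    '2025-09-10 12:00:04 INFO malformed {not json',
]

def _redact(node, path, hits):
    """Copy node with credential values masked; append their key paths to hits."""
    if isinstance(node, dict):
        out = {}
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if SENSITIVE.search(key) and isinstance(value, str) and value:
                hits.append(here)
                out[key] = "***"
            else:
                out[key] = _redact(value, here, hits)
        return out
    if isinstance(node, list):
        return [_redact(v, f"{path}[{i}]", hits) for i, v in enumerate(node)]
    return node

def scan_line(line):
    """Return (redacted_line, key_paths) for JSON objects embedded in a log line."""
    hits, parts, pos = [], [], 0
    while (start := line.find("{", pos)) != -1:
        try:
            obj, end = DECODER.raw_decode(line, start)
        except json.JSONDecodeError:
            end = start + 1  # not JSON: keep the text and move past the brace
            parts.append(line[pos:end])
        else:
            parts.append(line[pos:start] + json.dumps(_redact(obj, "", hits)))
        pos = end
    parts.append(line[pos:])
    return "".join(parts), hits

def scan_log(lines):
    """Return [(line_number, key_paths)] for lines that carry a credential."""
    return [(n, h) for n, line in enumerate(lines, 1) if (h := scan_line(line)[1])]
```

Any credential found this way should be treated as exposed and rotated; redacting the file afterwards does not undo earlier reads.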
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: AxxonSoft
- Date Reserved: 2025-09-10T12:31:11.920Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68c172f9e55cc6e90da1b4c2
Added to database: 9/10/2025, 12:45:45 PM
Last enriched: 9/10/2025, 1:01:01 PM
Last updated: 9/10/2025, 2:00:26 PM