CVE-2025-10222 is a vulnerability classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) affecting AxxonSoft's AxxonOne C-Werk Video Management System (VMS) versions 2.0.0 and 2.0.1 running on Windows platforms. The issue arises from the diagnostic dump component, which creates export files for troubleshooting purposes. These diagnostic files contain sensitive licensing-related information such as timestamps, license states, and registry values. Due to insufficient access controls on these files, a local attacker with limited privileges (PR:L) can read these files and extract sensitive data without requiring user interaction (UI:N). The vulnerability has a CVSS v3.1 base score of 3.3, indicating low severity, primarily because it requires local access and only exposes information without affecting integrity or availability. No known exploits have been reported in the wild, and no patches have been linked yet. The exposure of licensing information could potentially aid an attacker in further reconnaissance or license circumvention attempts but does not directly compromise system operations or data integrity. The vulnerability highlights the need for stricter file permission management on diagnostic outputs and careful handling of sensitive information within troubleshooting tools.

For European organizations, the primary impact of CVE-2025-10222 is the unauthorized disclosure of licensing information related to the AxxonOne C-Werk VMS. While this does not directly affect system integrity or availability, exposure of licensing states and timestamps could facilitate further targeted attacks, such as license tampering or unauthorized software use. Organizations with local user threat models—such as those with many employees, contractors, or visitors who have physical or remote local access—are at higher risk. This could be particularly relevant in sectors like critical infrastructure, transportation, or public safety where video management systems are widely deployed. The information leakage could also aid attackers in crafting more effective social engineering or privilege escalation attempts. However, since exploitation requires local access and no remote exploitation vector is known, the overall risk remains limited to insider threats or attackers who have already gained some foothold within the network.

To mitigate this vulnerability, European organizations should implement strict access controls on diagnostic export files generated by the AxxonOne C-Werk VMS. This includes setting file system permissions to restrict read access only to trusted administrators and system processes. Monitoring and auditing local user activity around the creation and access of diagnostic files can help detect unauthorized attempts to read sensitive information. Organizations should also consider disabling or limiting the use of the built-in troubleshooting tool on production systems if not required. Applying the principle of least privilege to local user accounts reduces the risk of exploitation. Since no patches are currently linked, organizations should engage with AxxonSoft for updates or advisories. Additionally, network segmentation and endpoint protection can help prevent attackers from gaining local access in the first place. Finally, educating staff about the risks of local information disclosure and enforcing strong physical and logical access controls will further reduce exposure.