
CVE-2025-10222: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in AxxonSoft AxxonOne

Low
Tags: Vulnerability, CVE-2025-10222, cve, cve-2025-10222, cwe-200
Published: Wed Sep 10 2025 (09/10/2025, 12:34:50 UTC)
Source: CVE Database V5
Vendor/Project: AxxonSoft
Product: AxxonOne

Description

Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) in the diagnostic dump component in AxxonSoft Axxon One VMS 2.0.0 through 2.0.1 on Windows allows a local attacker to obtain licensing-related information such as timestamps, license states, and registry values via reading diagnostic export files created by the built-in troubleshooting tool.

AI-Powered Analysis

Last updated: 09/10/2025, 13:00:48 UTC

Technical Analysis

CVE-2025-10222 is an information-disclosure vulnerability (CWE-200, Exposure of Sensitive Information to an Unauthorized Actor) in AxxonSoft's AxxonOne Video Management System (VMS) versions 2.0.0 through 2.0.1 on Windows. The flaw sits in the diagnostic dump component of the product's built-in troubleshooting tool: the diagnostic export files it generates include licensing-related data such as timestamps, license states, and registry values. Because those export files are readable by local users, a local attacker with only low privileges can open them and recover the licensing data.

The CVSS v3.1 base score is 3.3 (Low): local attack vector (AV:L), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), a low confidentiality impact (C:L) and no impact on integrity or availability (I:N/A:N). No exploits in the wild are known, and no patch had been published at the time of this report. The issue allows neither remote exploitation nor privilege escalation; its value to an attacker is reconnaissance, for example to understand the licensing mechanism or to support a later attack that chains it with another vulnerability.

Potential Impact

For European organizations running AxxonOne VMS 2.0.0 or 2.0.1 on Windows, the risk is limited but not negligible. Leaked licensing data could help an attacker abuse or tamper with licensing, which can lead to compliance problems or unlicensed use. The direct impact on confidentiality, integrity and availability is low, but the leaked data can support more targeted follow-on attacks or attempts to bypass licensing controls. Where AxxonOne is part of critical security infrastructure, such as video surveillance for public safety, transportation or critical-infrastructure operators, even low-severity issues deserve attention to maintain the overall security posture. Because exploitation requires local access, the risk is reduced in well-segmented, access-controlled environments; the realistic threat actors are insiders and attackers who have already compromised a local account.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should implement the following specific measures:
1) Restrict local access to hosts running vulnerable versions of AxxonOne with strict access controls and user permissions, so that only trusted administrators can read the directory where diagnostic export files are written.
2) Enable file-system auditing on that directory and review the resulting events to detect reads by unexpected accounts.
3) Do not run the diagnostic dump feature unless it is needed for troubleshooting, and delete the export files as soon as the troubleshooting case is closed.
4) Apply the principle of least privilege to all local accounts to reduce what a low-privileged user can reach.
5) Ask AxxonSoft for a fixed release and plan a timely upgrade once one is available; no patch had been published at the time of this report.
6) Where the product configuration or host policy allows, keep export files on a restricted or encrypted volume rather than in a location readable by all local users.
7) Record this vulnerability in internal risk assessments and incident response plans so the organization is ready if it is exploited.
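As an added example (not AxxonSoft's code and not a documented product setting), the following PowerShell script applies points 1, 2 and 3 on a Windows host: it limits the export directory's DACL to Administrators and SYSTEM, adds a SACL entry so reads are audited, and purges exports older than a threshold. The export location is a placeholder parameter ($ExportPath); the real path AxxonOne uses must be confirmed from the product documentation or by observing the troubleshooting tool on the host. The script must run from an elevated session.

```powershell
<#
Added example, not AxxonSoft code and not a documented product setting.
Hardens the directory that holds diagnostic export files: DACL limited to
Administrators and SYSTEM, SACL entry so reads are audited, old exports purged.
ASSUMPTION: $ExportPath is a placeholder. Confirm the real export location from
the AxxonOne documentation or by observing the troubleshooting tool on the host.
Run from an elevated PowerShell session (writing a SACL needs SeSecurityPrivilege).
#>
param(
    [string]$ExportPath = 'C:\Placeholder\AxxonOneDiagnosticExports',  # placeholder, see above
    [int]$MaxAgeDays = 7
)

# Resolve principals by well-known SID so the script also works on localized Windows builds.
$admins   = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-32-544')  # BUILTIN\Administrators
$system   = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-18')      # NT AUTHORITY\SYSTEM
$everyone = [System.Security.Principal.SecurityIdentifier]::new('S-1-1-0')       # Everyone
$inherit  = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'

if (-not (Test-Path -LiteralPath $ExportPath -PathType Container)) {
    throw "Export directory '$ExportPath' not found; pass the real location with -ExportPath."
}

# 1) DACL: stop inheriting the parent's ACEs (typically Users:Read), drop the explicit ones,
#    then allow only Administrators and SYSTEM.
$acl = Get-Acl -LiteralPath $ExportPath
$acl.SetAccessRuleProtection($true, $false)
foreach ($rule in @($acl.Access | Where-Object { -not $_.IsInherited })) {
    [void]$acl.RemoveAccessRule($rule)
}
foreach ($sid in @($admins, $system)) {
    $acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new(
        $sid, 'FullControl', $inherit, 'None', 'Allow'))
}
Set-Acl -LiteralPath $ExportPath -AclObject $acl

# 2) SACL: audit successful and failed reads by anyone. Requires the "File System" audit
#    subcategory to be enabled: auditpol /set /subcategory:"File System" /success:enable /failure:enable
#    Matching accesses are then logged as event ID 4663 in the Security log.
$acl = Get-Acl -LiteralPath $ExportPath -Audit
$acl.AddAuditRule([System.Security.AccessControl.FileSystemAuditRule]::new(
    $everyone, 'ReadData', $inherit, 'None', 'Success, Failure'))
Set-Acl -LiteralPath $ExportPath -AclObject $acl

# 3) Purge exports older than $MaxAgeDays. Remove-Item only unlinks the file; if the contents
#    must be wiped from disk, use a dedicated tool (e.g. Sysinternals SDelete) instead.
Get-ChildItem -LiteralPath $ExportPath -File -Recurse |
    Where-Object { $_.LastWriteTime -lt (Get-Date).AddDays(-$MaxAgeDays) } |
    Remove-Item -Force -Verbose

# 4) Print the effective DACL for the change record.
(Get-Acl -LiteralPath $ExportPath).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
    Format-Table -AutoSize
```

The DACL change is what actually closes the read path for low-privileged local users; the SACL entry gives the detection signal asked for in point 2, and the purge keeps old dumps from accumulating. Re-run the script after the troubleshooting tool is used, since a newly created export directory may not inherit the hardened permissions.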


Technical Details

Data Version
5.1
Assigner Short Name
AxxonSoft
Date Reserved
2025-09-10T12:33:59.159Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68c172f9e55cc6e90da1b4c5

Added to database: 9/10/2025, 12:45:45 PM

Last enriched: 9/10/2025, 1:00:48 PM

Last updated: 9/10/2025, 2:00:26 PM

