
CVE-2025-10223: CWE-613 Insufficient Session Expiration in AxxonSoft AxxonOne C-Werk

Severity: Medium
Tags: Vulnerability, CVE-2025-10223, CWE-613
Published: Wed Sep 10 2025 (09/10/2025, 12:35:32 UTC)
Source: CVE Database V5
Vendor/Project: AxxonSoft
Product: AxxonOne C-Werk

Description

Insufficient Session Expiration (CWE-613) in the Web Admin Panel in AxxonSoft Axxon One (C-Werk) prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session token until natural expiration.

AI-Powered Analysis

Last updated: 10/08/2025, 12:15:20 UTC

Technical Analysis

CVE-2025-10223 is an Insufficient Session Expiration flaw (CWE-613) in the Web Admin Panel of AxxonSoft Axxon One (C-Werk) before version 2.0.3 on Windows. Session tokens issued at login stay valid after the account's privileges are reduced or removed, so a user who was already authenticated keeps the access level they had when the session was created until the token reaches its natural expiry. The attacker here is therefore not an anonymous outsider but an authenticated user, local or remote, whose rights have since been revoked: an administrator demoted to an operator role, or a departing employee whose account was downgraded. No further user interaction is needed, which makes it straightforward to hold on to access that policy says should be gone. Confidentiality and integrity are affected, because the stale session can still read surveillance data or change system configuration beyond the account's current role. The CVSS v3.1 base score reported with the record is 5.4 (medium): network attack vector, low attack complexity, privileges required, no user interaction, low confidentiality and integrity impact, no availability impact. The record lists no patch reference or exploit code and no exploitation in the wild has been reported, though the affected range (prior to 2.0.3) implies that 2.0.3 contains the fix. Whether a deployment is affected can be checked directly: log in, note the session token, lower that account's role, then repeat an action the account is no longer entitled to using the old token; a fixed build rejects it. The flaw illustrates why session state must be re-validated against current authorization on each request, not only against authentication at login, in security-critical systems such as video surveillance management.
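The following is an added example and not code from AxxonSoft or from this record. It shows, in Python, the session-handling pattern that produces a CWE-613 style outcome beside a hardened version that re-validates every request against the account's current state and an absolute expiry. The class, field and function names (Account, VulnerableSessionStore, HardenedSessionStore, privilege_version, change_role) are assumptions chosen for illustration, not the product's API.

```python
"""Added example, not AxxonSoft code: the session-handling pattern behind a
CWE-613 style flaw next to a hardened version.

Vulnerable pattern: the role is copied into the session at login, so a later
privilege change on the account never reaches sessions that already exist.
Hardened pattern: the session carries only the user id, the account's
privilege version at login, and an absolute expiry; every request re-reads the
account and rejects sessions created before the most recent privilege change.
Class and field names are illustrative assumptions, not the product's API.
"""
import secrets
from dataclasses import dataclass


@dataclass
class Account:
    name: str
    role: str
    privilege_version: int = 0  # bumped on every role change or revocation


def change_role(acct: Account, new_role: str) -> None:
    """Change an account's role and mark all earlier sessions as stale."""
    acct.role = new_role
    acct.privilege_version += 1


class VulnerableSessionStore:
    """Caches the role in the session: privilege changes are never seen."""

    def __init__(self) -> None:
        self.sessions: dict[str, dict] = {}

    def login(self, acct: Account, now: float) -> str:
        token = secrets.token_urlsafe(32)
        self.sessions[token] = {"user": acct.name, "role": acct.role}
        return token

    def authorize(self, token: str, required_role: str,
                  accounts: dict[str, Account], now: float) -> bool:
        sess = self.sessions.get(token)
        if sess is None:
            return False
        return sess["role"] == required_role  # stale copy taken at login


class HardenedSessionStore:
    """Re-resolves the account on every request and enforces absolute expiry."""

    def __init__(self, max_age: float = 8 * 3600) -> None:
        self.sessions: dict[str, dict] = {}
        self.max_age = max_age  # seconds; absolute lifetime, not idle timeout

    def login(self, acct: Account, now: float) -> str:
        token = secrets.token_urlsafe(32)
        self.sessions[token] = {
            "user": acct.name,
            "version": acct.privilege_version,
            "expires_at": now + self.max_age,
        }
        return token

    def authorize(self, token: str, required_role: str,
                  accounts: dict[str, Account], now: float) -> bool:
        sess = self.sessions.get(token)
        if sess is None:
            return False
        acct = accounts.get(sess["user"])
        stale = (
            acct is None                                  # account deleted
            or sess["version"] != acct.privilege_version  # privileges changed
            or now >= sess["expires_at"]                  # absolute lifetime hit
        )
        if stale:
            self.sessions.pop(token, None)  # invalidate server side
            return False
        return acct.role == required_role  # current role, not the login-time copy


def demo(store_cls) -> tuple[bool, bool]:
    """Log in as admin, demote the account, replay the old token.

    Returns (allowed before demotion, allowed after demotion)."""
    accounts = {"alice": Account("alice", "admin")}
    store = store_cls()
    token = store.login(accounts["alice"], now=0.0)
    before = store.authorize(token, "admin", accounts, now=60.0)
    change_role(accounts["alice"], "operator")
    after = store.authorize(token, "admin", accounts, now=120.0)
    return before, after


if __name__ == "__main__":
    print("vulnerable:", demo(VulnerableSessionStore))  # (True, True)
    print("hardened:  ", demo(HardenedSessionStore))    # (True, False)
```

The privilege version is the cheap way to get "invalidate every session of this account on any role change" without a per-session scan; a disabled or deleted account falls out the same way because the lookup fails. Absolute expiry is kept separate from the version check so that a token still dies on schedule even when nothing about the account changes.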

Potential Impact

For European organizations in sectors such as critical infrastructure, public safety, transportation and large enterprises that rely on AxxonOne C-Werk for video surveillance and security management, the risk is unauthorized access that outlives a privilege change. An attacker with authenticated access, whether through compromised credentials or as an insider, keeps that access after their privileges are revoked, which undermines the access-control policy the revocation was meant to enforce. Consequences include unauthorized viewing or manipulation of surveillance feeds, tampering with security configuration, and data leakage. Because surveillance footage routinely contains personal data, exposure can carry GDPR consequences on top of the operational ones. Availability is not affected, so service disruption is not the concern, but the threat to data confidentiality, integrity and trust remains. Organizations with large user bases, granular role management and frequent privilege changes are the most exposed, and the window of exposure for each revoked account is bounded only by the configured session lifetime.

Mitigation Recommendations

To mitigate CVE-2025-10223, upgrade AxxonOne C-Werk to version 2.0.3 or later, where the session expiration issue is addressed, and confirm the fix in your own deployment: log in with a test account, lower its role, and verify that the existing session can no longer perform the actions it has lost. Beyond patching, tighten session management where the product and the surrounding infrastructure allow it: shorten session lifetimes, and make sure sessions are invalidated immediately on logout and on any privilege change, including account disablement. Log session creation, use and termination, and review those logs for sessions that remain active across a privilege change or beyond the expected lifetime. Multi-factor authentication reduces the chance of the initial authenticated foothold. Network segmentation and restricting the admin panel to trusted hosts reduce exposure. Periodic audits of user privileges and active sessions will surface lingering sessions; terminating all sessions of an account as part of every role change or offboarding step closes the window this flaw leaves open. If immediate patching is not feasible, disable remote administrative access or restrict it via VPN and IP allow-listing until the update is applied.
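As an added example (not from this page or the vendor), the review of session logs suggested above expressed as detection logic and run over constructed audit events: a session is flagged when it is still used after a privilege change on its account, or when it has outlived an absolute lifetime. The JSON-lines event schema, the field names and the sample lines are invented for the example; map them to whatever the admin panel or a reverse proxy in front of it actually records.

```python
"""Added example, not from AxxonSoft or the page: detection logic for the
condition behind CVE-2025-10223, run over constructed audit events.

Flags a request when its session was created before the most recent privilege
change on the account (stale privileges) or when the session is older than an
absolute lifetime. The event schema (JSON lines: ts, event, user, session,
plus role / old_role / new_role / action) is an assumption for the example.
"""
import json
from datetime import datetime, timedelta

# Constructed sample, deliberately out of order: alice logs in as admin, is
# demoted at 12:10 and keeps using session s1; bob's session s0 is 29 h old.
SAMPLE_LOG = """
{"ts": "2025-09-10T12:00:00Z", "event": "login", "user": "alice", "session": "s1", "role": "admin"}
{"ts": "2025-09-10T12:05:00Z", "event": "request", "user": "alice", "session": "s1", "action": "export_archive"}
{"ts": "2025-09-10T12:10:00Z", "event": "role_change", "user": "alice", "old_role": "admin", "new_role": "operator"}
{"ts": "2025-09-10T12:12:00Z", "event": "request", "user": "alice", "session": "s1", "action": "edit_user"}
{"ts": "2025-09-10T12:15:00Z", "event": "login", "user": "alice", "session": "s2", "role": "operator"}
{"ts": "2025-09-10T12:16:00Z", "event": "request", "user": "alice", "session": "s2", "action": "view_camera"}
{"ts": "2025-09-11T13:00:00Z", "event": "request", "user": "bob", "session": "s0", "action": "view_camera"}
{"ts": "2025-09-09T08:00:00Z", "event": "login", "user": "bob", "session": "s0", "role": "operator"}
"""


def parse_ts(value: str) -> datetime:
    """Parse the UTC timestamp format used by the constructed log."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def load_events(text: str) -> list[dict]:
    """Parse JSON lines and sort by time so out-of-order lines are handled."""
    events = [json.loads(line) for line in text.strip().splitlines() if line.strip()]
    for event in events:
        event["ts"] = parse_ts(event["ts"])
    events.sort(key=lambda e: e["ts"])
    return events


def find_stale_sessions(events: list[dict],
                        max_age: timedelta = timedelta(hours=24)) -> list[tuple]:
    """Return (request ts, session id, reason) for every suspicious request."""
    session_start: dict[str, tuple[str, datetime]] = {}  # session -> (user, login ts)
    last_priv_change: dict[str, datetime] = {}            # user -> ts of last change
    findings = []
    for event in events:
        kind = event["event"]
        if kind == "login":
            session_start[event["session"]] = (event["user"], event["ts"])
        elif kind == "role_change":
            last_priv_change[event["user"]] = event["ts"]
        elif kind == "request":
            start = session_start.get(event["session"])
            if start is None:
                findings.append((event["ts"], event["session"], "request on unknown session"))
                continue
            user, started = start
            changed = last_priv_change.get(user)
            if changed is not None and started < changed:
                findings.append((event["ts"], event["session"],
                                 f"used after privilege change at {changed.isoformat()}"))
            if event["ts"] - started > max_age:
                findings.append((event["ts"], event["session"],
                                 "exceeds max session lifetime"))
    return findings


if __name__ == "__main__":
    for ts, session, reason in find_stale_sessions(load_events(SAMPLE_LOG)):
        print(f"{ts.isoformat()} session={session}: {reason}")
```

Session s2, created after the demotion, is not flagged, which is the distinction that matters: the finding is "old session, new privileges", not "this user was demoted". In a real deployment the stale-session rule should fire on any request, not only privileged ones, because the flaw is that the server never re-checks; the triage question is then which of those requests would have been denied under the new role.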


Technical Details

Data Version
5.1
Assigner Short Name
AxxonSoft
Date Reserved
2025-09-10T12:35:13.351Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68c172f9e55cc6e90da1b4c8

Added to database: 9/10/2025, 12:45:45 PM

Last enriched: 10/8/2025, 12:15:20 PM

Last updated: 10/30/2025, 2:17:32 PM

