
CVE-2025-10223: CWE-613 Insufficient Session Expiration in AxxonSoft AxxonOne

Medium
Tags: Vulnerability, CVE-2025-10223, CWE-613
Published: Wed Sep 10 2025 (09/10/2025, 12:35:32 UTC)
Source: CVE Database V5
Vendor/Project: AxxonSoft
Product: AxxonOne

Description

Insufficient Session Expiration (CWE-613) in the Web Admin Panel in AxxonSoft Axxon One prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access with removed privileges via continued use of an unexpired session token until natural expiration.

AI-Powered Analysis

AI analysis last updated: 09/10/2025, 13:00:38 UTC

Technical Analysis

CVE-2025-10223 is a medium-severity vulnerability, classified under CWE-613 (Insufficient Session Expiration), affecting the Web Admin Panel of AxxonSoft's AxxonOne product on Windows in versions prior to 2.0.3. A local or remote authenticated attacker can keep using the system after their privileges have been revoked or reduced, because the session token obtained at authentication stays valid, at the privilege level it was issued with, until it expires naturally. The root cause is session management that does not invalidate or expire tokens immediately upon privilege changes or logout events. The CVSS 3.1 base score is 5.4 (medium): attack vector network (remote), low attack complexity, privileges required (PR:L), no user interaction, with impact on confidentiality and integrity but not availability. No exploits are known in the wild, and no patches are currently linked, which suggests remediation may still be pending or in progress. The vulnerability affects all versions prior to 2.0.3; the affectedVersions field lists version 0, which likely means all versions before the fixed release. The issue matters most in environments where session tokens are long-lived or privilege changes are frequent, since it undermines access control by allowing elevated access to persist after it should have been removed.

Potential Impact

For European organizations using AxxonOne, particularly those relying on its Web Admin Panel for security and surveillance management, this vulnerability poses a risk of unauthorized access persistence. Attackers who have gained authenticated access could retain elevated privileges even after their access rights are revoked, potentially leading to unauthorized viewing or manipulation of surveillance data, configuration changes, or other administrative actions. This undermines confidentiality and integrity of sensitive security operations. The impact is heightened in sectors with strict regulatory requirements for data protection and access control, such as critical infrastructure, government, transportation, and large enterprises. Persistent unauthorized access could facilitate espionage, sabotage, or data leakage. Since the vulnerability requires authenticated access, the initial compromise vector might be phishing, credential theft, or insider threat. The lack of immediate session invalidation could delay detection and remediation efforts, increasing the window of opportunity for attackers. Given the medium CVSS score and the nature of the vulnerability, the threat is moderate but should not be underestimated in high-security environments.

Mitigation Recommendations

European organizations should prioritize upgrading AxxonOne installations to version 2.0.3 or later where this vulnerability is fixed. Until patching is possible, organizations should implement strict session management policies, including reducing session timeout durations to minimize the window of token validity. Monitoring and logging of session activities should be enhanced to detect unusual or prolonged sessions. Administrators should enforce multi-factor authentication (MFA) to reduce the risk of initial credential compromise. Additionally, immediate manual invalidation of sessions upon privilege changes or user deactivation should be performed if supported by the system. Network segmentation and access controls should limit exposure of the Web Admin Panel to trusted networks and users only. Regular audits of user privileges and session states can help identify lingering sessions with elevated privileges. Finally, educating users and administrators about the risks of session persistence and the importance of timely logout and credential management will help reduce exploitation likelihood.
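The technical analysis above describes a session that keeps a privilege snapshot until natural expiry, and the mitigation section asks for immediate invalidation on privilege change. The following added example (not AxxonSoft code; the `USERS` directory, `PRIV_GEN` counter and the user `alice` are constructed for illustration) contrasts the vulnerable snapshot pattern with a generation-bound session store that rejects a token the moment the user's privileges change:

```python
import secrets
import time

# Constructed example state: username -> current role, plus a per-user privilege
# generation counter that every privilege change bumps.
USERS = {"alice": "admin"}
PRIV_GEN = {"alice": 0}

def change_role(user, new_role):
    USERS[user] = new_role
    PRIV_GEN[user] += 1  # makes every session issued before this change stale

class SnapshotSessions:
    """Vulnerable pattern (what CVE-2025-10223 describes): role copied at login."""
    def __init__(self, ttl=3600):
        self.ttl, self.sessions = ttl, {}

    def login(self, user):
        tok = secrets.token_urlsafe(16)
        self.sessions[tok] = {"user": user, "role": USERS[user], "exp": time.time() + self.ttl}
        return tok

    def role_for(self, tok):
        s = self.sessions.get(tok)
        if s is None or s["exp"] < time.time():  # only natural expiry is checked
            return None
        return s["role"]  # stale once change_role() has run, until "exp" passes

class GenerationSessions(SnapshotSessions):
    """Hardened pattern: a session is bound to the privilege generation it was issued under."""
    def login(self, user):
        tok = super().login(user)
        self.sessions[tok]["gen"] = PRIV_GEN[user]
        return tok

    def role_for(self, tok):
        s = self.sessions.get(tok)
        if s is None or s["exp"] < time.time() or s["gen"] != PRIV_GEN[s["user"]]:
            self.sessions.pop(tok, None)  # drop the token at the moment the check fails
            return None
        return USERS[s["user"]]  # current role from the directory, never the login snapshot

def demote_while_logged_in():
    """Demote alice while she holds a session in each store; return what each grants her old token."""
    USERS["alice"], PRIV_GEN["alice"] = "admin", 0
    weak, strong = SnapshotSessions(), GenerationSessions()
    t_weak, t_strong = weak.login("alice"), strong.login("alice")
    change_role("alice", "viewer")
    return weak.role_for(t_weak), strong.role_for(t_strong)
```

The same generation check closes the logout case too: bumping the counter on logout or user deactivation invalidates every live session of that user at once, which is the manual invalidation the recommendations call for.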


Technical Details

Data Version: 5.1
Assigner Short Name: AxxonSoft
Date Reserved: 2025-09-10T12:35:13.351Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68c172f9e55cc6e90da1b4c8

Added to database: 9/10/2025, 12:45:45 PM

Last enriched: 9/10/2025, 1:00:38 PM

Last updated: 9/10/2025, 1:45:17 PM
