
CVE-2025-10224: CWE-287: Improper Authentication in AxxonSoft AxxonOne

Medium
Published: Wed Sep 10 2025 (09/10/2025, 12:36:22 UTC)
Source: CVE Database V5
Vendor/Project: AxxonSoft
Product: AxxonOne

Description

Improper Authentication (CWE-287) in the LDAP authentication engine in AxxonSoft Axxon One 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned roles via incorrect evaluation of nested LDAP group memberships during login.

AI-Powered Analysis

Last updated: 09/10/2025, 13:15:42 UTC

Technical Analysis

CVE-2025-10224 is a medium severity vulnerability identified in AxxonSoft's AxxonOne product, specifically version 2.0.2 and earlier on Windows platforms. The vulnerability stems from improper authentication (CWE-287) within the LDAP authentication engine. During the login process, the system incorrectly evaluates nested LDAP group memberships, which can lead to two main issues: remote authenticated users may be denied access they are entitled to or, more critically, may be assigned the wrong roles. Such a misassignment could grant a user privileges or access levels within the AxxonOne system that they were never authorized to hold.

The vulnerability requires the attacker to be an authenticated user (PR:L), but no user interaction is needed (UI:N), and it can be exploited remotely over the network (AV:N). The impact primarily affects the integrity and availability of the system, as unauthorized role assignments can lead to privilege escalation or denial of legitimate access. The CVSS v3.1 base score is 5.4, reflecting a medium severity level. There are no known exploits in the wild at the time of publication, and no patches have been linked yet.

The root cause lies in the LDAP engine's flawed logic when processing nested group memberships, a well-known source of complexity in LDAP-based authentication systems. When group hierarchies are interpreted incorrectly, the resulting access control decisions made during user authentication and authorization are wrong as well.

Potential Impact

For European organizations using AxxonOne, particularly those relying on LDAP for centralized authentication, this vulnerability poses a risk of unauthorized privilege escalation or denial of service to legitimate users. Given that AxxonOne is a video management software often used in security and surveillance contexts, improper role assignments could lead to unauthorized access to sensitive video feeds or control functions, potentially compromising physical security. The integrity of access controls is critical in sectors such as transportation, critical infrastructure, government facilities, and large enterprises prevalent in Europe. Disruption or unauthorized access could result in operational downtime, data confidentiality breaches, or manipulation of surveillance data. Although exploitation requires authenticated access, insider threats or compromised credentials could be leveraged to exploit this vulnerability. The lack of known exploits currently reduces immediate risk, but the medium severity score indicates that organizations should prioritize mitigation to prevent potential future exploitation.

Mitigation Recommendations

European organizations should implement the following specific mitigations:

1) Immediately audit and review LDAP group structures and nested memberships to ensure they are as simple and clear as possible, reducing the risk of misinterpretation by the authentication engine.

2) Enforce strict credential hygiene and multi-factor authentication (MFA) for all users accessing AxxonOne to reduce the risk of compromised accounts being used to exploit this vulnerability.

3) Monitor and log authentication and authorization events closely to detect anomalies in role assignments or access denials that could indicate exploitation attempts.

4) Engage with AxxonSoft for timely patches or updates addressing this vulnerability and apply them as soon as they become available.

5) Consider implementing compensating controls such as network segmentation and limiting access to the AxxonOne management interfaces only to trusted administrative networks.

6) Conduct regular penetration testing focusing on LDAP authentication flows to identify potential misconfigurations or exploitation paths related to nested group memberships.
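To make the nested-membership problem from the Technical Analysis concrete, and to support mitigation 1) (auditing nested group structures), the following is an added Python example; it is not AxxonSoft code and does not reproduce AxxonOne's LDAP engine. It places a direct-only membership check beside a transitive resolver that handles cycles and deep nesting, plus an audit helper that flags groups nested inside themselves. All DNs, the in-memory directory and the role mapping are constructed for the example.

```python
from collections import deque

# Constructed directory snapshot (hypothetical DNs, not AxxonOne or real LDAP data): group DN -> member DNs.
GROUPS = {
    "cn=axxon-admins,ou=groups,dc=example,dc=com": {"cn=alice,ou=people,dc=example,dc=com"},
    "cn=axxon-operators,ou=groups,dc=example,dc=com": {
        "cn=bob,ou=people,dc=example,dc=com",
        "cn=site-a-ops,ou=groups,dc=example,dc=com",    # nested group
    },
    "cn=site-a-ops,ou=groups,dc=example,dc=com": {
        "cn=carol,ou=people,dc=example,dc=com",
        "cn=site-a-shift,ou=groups,dc=example,dc=com",
    },
    "cn=site-a-shift,ou=groups,dc=example,dc=com": {
        "cn=dave,ou=people,dc=example,dc=com",
        "cn=site-a-ops,ou=groups,dc=example,dc=com",    # deliberate cycle, exercised by the audit helper
    },
}

# Hypothetical group-to-role mapping of the kind an application would configure.
ROLE_MAP = {
    "cn=axxon-admins,ou=groups,dc=example,dc=com": "administrator",
    "cn=axxon-operators,ou=groups,dc=example,dc=com": "operator",
}

def direct_groups(dn):
    """Groups listing `dn` as an immediate member (what a plain memberOf lookup returns)."""
    return {g for g, members in GROUPS.items() if dn in members}

def effective_groups(dn, max_depth=10):
    """Transitive membership: walk parent groups breadth-first. The visited set and
    depth limit make cyclic or very deep nesting terminate instead of looping."""
    seen = set()
    queue = deque((g, 1) for g in direct_groups(dn))
    while queue:
        group, depth = queue.popleft()
        if group in seen or depth > max_depth:
            continue
        seen.add(group)
        queue.extend((parent, depth + 1) for parent in direct_groups(group))
    return seen

def roles_for(groups):
    """Roles granted by a set of groups; unmapped groups grant nothing."""
    return sorted(ROLE_MAP[g] for g in groups if g in ROLE_MAP)

def groups_in_cycles():
    """Audit helper for mitigation 1): groups that are transitively members of themselves."""
    return sorted(g for g in GROUPS if g in effective_groups(g))
```

A check built on direct_groups alone denies carol and dave their operator role even though they belong to an operator group through nesting, which illustrates the "denied access" outcome the advisory describes; effective_groups resolves them correctly and still terminates on the site-a-ops/site-a-shift cycle.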


Technical Details

Data Version
5.1
Assigner Short Name
AxxonSoft
Date Reserved
2025-09-10T12:35:55.091Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68c17661e55cc6e90da1cf9d

Added to database: 9/10/2025, 1:00:17 PM

Last enriched: 9/10/2025, 1:15:42 PM

Last updated: 9/10/2025, 3:26:27 PM


