![[The AI Show Episode 146]: Rise of “AI-First” Companies, AI Job Disruption, GPT-4o Update Gets Rolled Back, How Big Consulting Firms Use AI, and Meta AI App](https://www.marketingaiinstitute.com/hubfs/ep%20146%20cover.png)
![[DEALS] The Premium Python Programming PCEP Certification Prep Bundle (67% off) & Other Deals Up To 98% Off – Offers End Soon!](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
.jpg?#)
-Mafia-The-Old-Country---The-Initiation-Trailer-00-00-54.png?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp#)
-Nintendo-Switch-2---Reveal-Trailer-00-01-52.png?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp#)
_Aleksey_Funtap_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
_Sergey_Tarasov_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
![Apple Shares Official Trailer for 'Stick' Starring Owen Wilson [Video]](https://www.iclarified.com/images/news/97264/97264/97264-640.jpg)
![Beats Studio Pro Wireless Headphones Now Just $169.95 - Save 51%! [Deal]](https://www.iclarified.com/images/news/97258/97258/97258-640.jpg)
IXON VPN Client Vulnerability Let Attackers Escalate Privileges
Significant vulnerabilities in the IXON VPN Client allow local attackers to gain system-level privileges on Windows, Linux, and macOS systems. The flaws, tracked as CVE-2025-26168 and CVE-2025-26169, affect versions prior to 1.4.4 and could grant unauthorized users complete control over affected systems through a sophisticated temporary file manipulation technique. IXON, a Dutch provider of industrial […] The post IXON VPN Client Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.
Significant vulnerabilities in the IXON VPN Client allow local attackers to gain system-level privileges on Windows, Linux, and macOS systems.
The flaws, tracked as CVE-2025-26168 and CVE-2025-26169, affect versions prior to 1.4.4 and could grant unauthorized users complete control over affected systems through a sophisticated temporary file manipulation technique.
IXON, a Dutch provider of industrial remote access solutions, offers cloud-based VPN services widely used in industrial systems and operational technology environments.
XON VPN Client Vulnerabilities
The vulnerabilities, uncovered by Andreas Vikerup and Dan Rosenqvist at cybersecurity firm Shelltrail during a routine security assessment, exploit weaknesses in how the IXON VPN client handles configuration files.
The vulnerabilities received a CVSS score of 8.1 (High), indicating their serious nature.
Windows Exploitation (CVE-2025-26169)
On Windows systems, attackers can exploit a race condition in the C:\Windows\Temp directory, where the VPN client temporarily stores configuration files.
By exploiting this vulnerability, a local attacker with limited privileges can repeatedly overwrite the temporary configuration file with malicious content using PowerShell.
The attack leverages the fact that the VPN client runs as NT Authority\SYSTEM, giving attackers the ability to execute arbitrary code with the highest system privileges once the poisoned configuration is processed.
Linux Exploitation (CVE-2025-26168)
The Linux variant of the attack targets the /tmp/vpn_client_openvpn_configuration.ovpn file, which is stored in a world-writable directory.
Researchers discovered that attackers could create a named pipe (FIFO) at this location using the mkfifo command and inject a malicious OpenVPN configuration.
This configuration can include directives like tls-verify with script-security 2, enabling root-level code execution. When the VPN client processes this configuration, it executes the attacker’s code with root privileges.
CVEs Affected Products Impact Exploit Prerequisites CVSS 3.1 Score CVE-2025-26168 IXON VPN Client (Linux/macOS, ≤v1.4.3) Local Privilege Escalation to root – Local access- Ability to manipulate /tmp/vpn_client_openvpn_configuration.ovpn 8.1 (High) CVE-2025-26169 IXON VPN Client (Windows, ≤v1.4.3) Local Privilege Escalation to SYSTEM – Local access- Race condition exploitation in C:\Windows\Temp directory 8.1 (High)
Patch Released
IXON has released version 1.4.4 of its VPN client to address these vulnerabilities. The patch implements more secure storage locations for configuration files, limiting access to high-privilege users only.
Security experts recommend that organizations using IXON VPN Client take the following actions immediately:
- Update to version 1.4.4 or later from the official IXON cloud portal
- Verify successful patching by checking the client version in the portal.
- Consider implementing additional access controls for sensitive systems.
- Monitor systems for any signs of compromise or unauthorized access.
Users are strongly advised to upgrade to the latest version, verify successful installation, and avoid using any vulnerable releases to ensure the continued security of their networks and critical assets.
Vulnerability Attack Simulation on How Hackers Rapidly Probe Websites for Entry Points – Free Webinar
The post IXON VPN Client Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.
