Vital vulnerabilities within the IXON VPN Shopper permit native attackers to realize system-level privileges on Home windows, Linux, and macOS programs.
The failings, tracked as CVE-2025-26168 and CVE-2025-26169, have an effect on variations previous to 1.4.4 and will grant unauthorized customers full management over affected programs by a classy short-term file manipulation approach.
IXON, a Dutch supplier of commercial distant entry options, affords cloud-based VPN providers extensively utilized in industrial programs and operational know-how environments.
XON VPN Shopper Vulnerabilities
The vulnerabilities, uncovered by Andreas Vikerup and Dan Rosenqvist at cybersecurity agency Shelltrail throughout a routine safety evaluation, exploit weaknesses in how the IXON VPN shopper handles configuration information.
The vulnerabilities obtained a CVSS rating of 8.1 (Excessive), indicating their severe nature.
Home windows Exploitation (CVE-2025-26169)
On Home windows programs, attackers can exploit a race situation within the C:WindowsTemp listing, the place the VPN shopper briefly shops configuration information.
By exploiting this vulnerability, an area attacker with restricted privileges can repeatedly overwrite the short-term configuration file with malicious content material utilizing PowerShell.
The assault leverages the truth that the VPN shopper runs as NT AuthoritySYSTEM, giving attackers the flexibility to execute arbitrary code with the best system privileges as soon as the poisoned configuration is processed.
Linux Exploitation (CVE-2025-26168)
The Linux variant of the assault targets the /tmp/vpn_client_openvpn_configuration.ovpn file, which is saved in a world-writable listing.
Researchers found that attackers might create a named pipe (FIFO) at this location utilizing the mkfifo command and inject a malicious OpenVPN configuration.
This configuration can embrace directives like tls-verify with script-security 2, enabling root-level code execution. When the VPN shopper processes this configuration, it executes the attacker’s code with root privileges.
CVEsAffected ProductsImpactExploit PrerequisitesCVSS 3.1 ScoreCVE-2025-26168IXON VPN Shopper (Linux/macOS, ≤v1.4.3)Native Privilege Escalation to root– Native access- Potential to govern /tmp/vpn_client_openvpn_configuration.ovpn8.1 (Excessive)CVE-2025-26169IXON VPN Shopper (Home windows, ≤v1.4.3)Native Privilege Escalation to SYSTEM– Native access- Race situation exploitation in C:WindowsTemp directory8.1 (Excessive)
Patch Launched
IXON has launched model 1.4.4 of its VPN shopper to handle these vulnerabilities. The patch implements safer storage places for configuration information, limiting entry to high-privilege customers solely.
Safety specialists suggest that organizations utilizing IXON VPN Shopper take the next actions instantly:
Replace to model 1.4.4 or later from the official IXON cloud portal
Confirm profitable patching by checking the shopper model within the portal.
Contemplate implementing further entry controls for delicate programs.
Monitor programs for any indicators of compromise or unauthorized entry.
Customers are strongly suggested to improve to the most recent model, confirm profitable set up, and keep away from utilizing any weak releases to make sure the continued safety of their networks and important belongings.
Vulnerability Assault Simulation on How Hackers Quickly Probe Web sites for Entry Factors – Free Webinar
