CVE-2025-26168

IXON VPN Client before 1.4.4 on Linux and macOS allows Local Privilege Escalation to root because there is code execution from a configuration file that can be controlled by a low-privileged user. There is a race condition in which a temporary configuration file, in a world-writable directory, can be overwritten.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.4 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://ixon-cloud.my.salesforce.com/sfc/p/#1t000000vlSF/a/TX000000DQmH/WRGwuYg2iMsKX6NAIK3MygCUOlg0SPQ..YvGWrwfNeM
https://support.ixon.cloud/s/article/VPN-Client-installation-and-uninstallation

Configurations

No configuration.

History

08 May 2025, 14:39

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-07 19:16

Updated : 2025-05-08 14:39

NVD link : CVE-2025-26168

Mitre link : CVE-2025-26168

CVE.ORG link : CVE-2025-26168

JSON object : View

Products Affected

No product.

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

8.1 /10