IXON VPN Client before 1.4.4 on Linux and macOS allows Local Privilege Escalation to root because there is code execution from a configuration file that can be controlled by a low-privileged user. There is a race condition in which a temporary configuration file, in a world-writable directory, can be overwritten.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

No data.

No data.

No data.

References
Link Providers
https://ixon-cloud.my.salesforce.com/sfc/p/#1t000000vlSF/a/TX000000DQmH/WRGwuYg2iMsKX6NAIK3MygCUOlg0SPQ..YvGWrwfNeM cve-icon cve-icon
https://support.ixon.cloud/s/article/VPN-Client-installation-and-uninstallation cve-icon cve-icon
History

Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00019}

 epss

{'score': 0.0002}

Wed, 07 May 2025 19:00:00 +0000

Type Values Removed Values Added
Description IXON VPN Client before 1.4.4 on Linux and macOS allows Local Privilege Escalation to root because there is code execution from a configuration file that can be controlled by a low-privileged user. There is a race condition in which a temporary configuration file, in a world-writable directory, can be overwritten.
Weaknesses CWE-732
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2025-05-07T00:00:00.000Z

Updated: 2025-05-07T20:16:27.341Z

Reserved: 2025-02-07T00:00:00.000Z

Link: CVE-2025-26168

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-05-07T19:16:07.290

Modified: 2025-05-08T14:39:09.683

Link: CVE-2025-26168

cve-icon Redhat

No data.