IXON VPN Client Vulnerability Let Attackers Escalate Privileges
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Significant vulnerabilities in the IXON VPN Client allow local attackers to gain system-level privileges on Windows, Linux, and macOS systems.
The flaws, tracked as CVE-2025-26168 and CVE-2025-26169, affect versions prior to 1.4.4 and could grant unauthorized users complete control over affected systems through a sophisticated temporary file manipulation technique.
IXON, a Dutch provider of industrial remote access solutions, offers cloud-based VPN services widely used in industrial systems and operational technology environments.
XON VPN Client Vulnerabilities
The vulnerabilities, uncovered by Andreas Vikerup and Dan Rosenqvist at cybersecurity firm Shelltrail during a routine security assessment, exploit weaknesses in how the IXON VPN client handles configuration files.
The vulnerabilities received a CVSS score of 8.1 (High), indicating their serious nature.
Windows Exploitation (CVE-2025-26169)
On Windows systems, attackers can exploit a race condition in the C:\Windows\Temp directory, where the VPN client temporarily stores configuration files.
The attack leverages the fact that the VPN client runs as NT Authority\SYSTEM, giving attackers the ability to execute arbitrary code with the highest system privileges once the poisoned configuration is processed.
Linux Exploitation (CVE-2025-26168)
The Linux variant of the attack targets the /tmp/vpn_client_openvpn_configuration.ovpn file, which is stored in a world-writable directory.
Researchers discovered that attackers could create a named pipe (FIFO) at this location using the mkfifo command and inject a malicious OpenVPN configuration.
This configuration can include directives like tls-verify with script-security 2, enabling root-level code execution. When the VPN client processes this configuration, it executes the attacker’s code with root privileges.
CVEs Affected Products Impact Exploit Prerequisites CVSS 3.1 Score CVE-2025-26168IXON VPN Client (Linux/macOS, ≤v1.4.3)Local Privilege Escalation to root– Local access- Ability to manipulate /tmp/vpn_client_openvpn_configuration.ovpn8.1 (High)CVE-2025-26169IXON VPN Client (Windows, ≤v1.4.3)Local Privilege Escalation to SYSTEM– Local access- Race condition exploitation in C:\Windows\Temp directory8.1 (High)
Patch Released
IXON has released version 1.4.4 of its VPN client to address these vulnerabilities. The patch implements more secure storage locations for configuration files, limiting access to high-privilege users only.
Security experts recommend that organizations using IXON VPN Client take the following actions immediately:
Users are strongly advised to upgrade to the latest version, verify successful installation, and avoid using any vulnerable releases to ensure the continued security of their networks and critical assets.
#Cyber_Security #Cyber_Security_News #VPN #Vulnerability #cyber_security #cyber_security_news
Оригинальная версия на сайте:
IXON VPN Client Vulnerability Let Attackers Escalate Privileges
Author: KaaviyaSignificant vulnerabilities in the IXON VPN Client allow local attackers to gain system-level privileges on Windows, Linux, and macOS systems.
The flaws, tracked as CVE-2025-26168 and CVE-2025-26169, affect versions prior to 1.4.4 and could grant unauthorized users complete control over affected systems through a sophisticated temporary file manipulation technique.
IXON, a Dutch provider of industrial remote access solutions, offers cloud-based VPN services widely used in industrial systems and operational technology environments.
XON VPN Client Vulnerabilities
The vulnerabilities, uncovered by Andreas Vikerup and Dan Rosenqvist at cybersecurity firm Shelltrail during a routine security assessment, exploit weaknesses in how the IXON VPN client handles configuration files.
The vulnerabilities received a CVSS score of 8.1 (High), indicating their serious nature.
Windows Exploitation (CVE-2025-26169)
On Windows systems, attackers can exploit a race condition in the C:\Windows\Temp directory, where the VPN client temporarily stores configuration files.
The attack leverages the fact that the VPN client runs as NT Authority\SYSTEM, giving attackers the ability to execute arbitrary code with the highest system privileges once the poisoned configuration is processed.
Linux Exploitation (CVE-2025-26168)
The Linux variant of the attack targets the /tmp/vpn_client_openvpn_configuration.ovpn file, which is stored in a world-writable directory.
Researchers discovered that attackers could create a named pipe (FIFO) at this location using the mkfifo command and inject a malicious OpenVPN configuration.
This configuration can include directives like tls-verify with script-security 2, enabling root-level code execution. When the VPN client processes this configuration, it executes the attacker’s code with root privileges.
CVEs Affected Products Impact Exploit Prerequisites CVSS 3.1 Score CVE-2025-26168IXON VPN Client (Linux/macOS, ≤v1.4.3)Local Privilege Escalation to root– Local access- Ability to manipulate /tmp/vpn_client_openvpn_configuration.ovpn8.1 (High)CVE-2025-26169IXON VPN Client (Windows, ≤v1.4.3)Local Privilege Escalation to SYSTEM– Local access- Race condition exploitation in C:\Windows\Temp directory8.1 (High)
Patch Released
IXON has released version 1.4.4 of its VPN client to address these vulnerabilities. The patch implements more secure storage locations for configuration files, limiting access to high-privilege users only.
Security experts recommend that organizations using IXON VPN Client take the following actions immediately:
- Update to version 1.4.4 or later from the official IXON cloud portal
- Verify successful patching by checking the client version in the portal.
- Consider implementing additional access controls for sensitive systems.
- Monitor systems for any signs of compromise or unauthorized access.
Users are strongly advised to upgrade to the latest version, verify successful installation, and avoid using any vulnerable releases to ensure the continued security of their networks and critical assets.
#Cyber_Security #Cyber_Security_News #VPN #Vulnerability #cyber_security #cyber_security_news
Оригинальная версия на сайте:
