Summary: A security assessment by Shelltrail has identified three critical vulnerabilities in the IXON VPN client, which could allow attackers to escalate privileges on Windows and Linux systems. The vulnerabilities are linked to improper handling of OpenVPN configuration files, exposing users to potential local privilege escalation risks. IXON has begun implementing fixes while certain details remain undisclosed pending a secure resolution.Affected: IXON (provider of industrial remote access solutions)
Keypoints :
- Three vulnerabilities identified: CVE-2025-ZZZ-01 (undisclosed), CVE-2025-ZZZ-02 (Linux), and CVE-2025-ZZZ-03 (Windows).
- CVE-2025-ZZZ-02 allows attackers on Linux to exploit predictable file storage for local privilege escalation.
- CVE-2025-ZZZ-03 enables attackers on Windows to leverage a race condition for SYSTEM-level code execution.
- IXON has released a patch (version 1.4.4) to mitigate these issues, changing where temporary files are stored.
- Users are advised to upgrade immediately for enhanced security.
- Further updates on CVE identifiers and the undisclosed vulnerability are anticipated.
Source: https://cybersecuritynews.com/ixon-vpn-vulnerabilities-gain-access/