IXON VPN Flaws Let Hackers Gain Root on All Systems

IXON, a Dutch provider of industrial remote access solutions, has patched two high-severity vulnerabilities in its VPN Client software that could allow local attackers to escalate privileges to system level on Windows, Linux, and macOS platforms. Tracked as CVE-2025-26168 and CVE-2025-26169, the flaws affect all versions prior to 1.4.4 and were assigned a CVSS score of 8.1.

On Windows, attackers can exploit a race condition in the C:\Windows\Temp directory to overwrite configuration files with malicious content, gaining NT AUTHORITY\SYSTEM privileges. On Linux, the flaw involves manipulating a temporary OpenVPN configuration file in the /tmp directory to execute arbitrary code as root.

IXON has released version 1.4.4 to mitigate the issues by securing configuration file storage. Security experts urge users to upgrade immediately, verify the client version, implement stricter access controls, and monitor for unauthorized activity to protect critical operational technology environments.
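The weakness class described above, a privileged process trusting a config file that sits in a directory other local users can write to, can be checked for and avoided as in the following added example. It is not IXON's code and does not reproduce the 1.4.4 fix, whose details the article does not give. The function names, the `client.ovpn` file name and all paths are hypothetical, and the code assumes a POSIX system.

```python
import os
import stat
import tempfile

def unsafe_components(path, trusted_uid=0):
    """Walk from `path` up to the filesystem root and return (component, reason)
    pairs for every entry another local user could replace or redirect."""
    findings = []
    current = os.path.abspath(path)
    while True:
        st = os.lstat(current)
        if stat.S_ISLNK(st.st_mode):
            findings.append((current, "symlink"))
        elif st.st_uid not in (0, trusted_uid):
            findings.append((current, "untrusted owner"))
        elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            # Includes sticky dirs such as /tmp: others may still create names there.
            findings.append((current, "group/world-writable"))
        parent = os.path.dirname(current)
        if parent == current:
            return findings
        current = parent

def write_private_config(directory, name, data):
    """Write a config into a directory only this user can modify, refusing
    to reuse a name that already exists (pre-created file or symlink)."""
    os.makedirs(directory, mode=0o700, exist_ok=True)
    st = os.lstat(directory)
    if not stat.S_ISDIR(st.st_mode) or st.st_uid != os.geteuid():
        raise PermissionError(f"{directory}: not a directory owned by this user")
    os.chmod(directory, 0o700)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    path = os.path.join(directory, name)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(data)
    return path

if __name__ == "__main__":
    # Constructed demo paths; nothing here is taken from the IXON client.
    base = tempfile.mkdtemp()
    shared = os.path.join(base, "shared")
    os.mkdir(shared)
    os.chmod(shared, 0o1777)  # same mode as /tmp
    weak = os.path.join(shared, "client.ovpn")
    open(weak, "w").close()
    print(unsafe_components(weak, os.getuid()))
    good = write_private_config(os.path.join(base, "private"), "client.ovpn", "# constructed\n")
    print(unsafe_components(good, os.getuid()))
```
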
