Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-26169

IXON VPN Client before 1.4.4 on Windows allows Local Privilege Escalation to SYSTEM because there is code execution from a configuration file that can be controlled by a low-privileged user. There is a race condition in which a temporary configuration file, in a world-writable directory, can be overwritten.

Published

2025-05-07T19:16:07.447

Last Modified

2025-05-08T14:39:09.683

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

Weaknesses

Type: Secondary
CWE-732

Affected Vendors & Products

References

https://ixon-cloud.my.salesforce.com/sfc/p/#1t000000vlSF/a/TX000000DQmH/WRGwuYg2iMsKX6NAIK3MygCUOlg0SPQ..YvGWrwfNeM ([email protected])
https://support.ixon.cloud/s/article/VPN-Client-installation-and-uninstallation ([email protected])