CVE-2025-26168

Name of the Vulnerable Software and Affected Versions IXON VPN Client versions prior to 1.4.4

Description The issue allows Local Privilege Escalation to root due to code execution from a configuration file that can be controlled by a low-privileged user. A race condition exists in which a temporary configuration file, located in a world-writable directory, can be overwritten.

Recommendations For versions prior to 1.4.4, update to version 1.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the world-writable directory containing the temporary configuration file to minimize the risk of exploitation.