Vulnerabilities discovered by Andreas Vikerup and Dan Rosenqvist of Shelltrail in the IXON VPN Client expose critical flaws in how configuration files are handled, earning a high CVSS score of 8.1. On Windows (CVE-2025-26169), a local attacker can exploit a race condition in the C:\Windows\Temp directory, using PowerShell to overwrite temporary configuration files and execute arbitrary code with SYSTEM-level privileges. On Linux (CVE-2025-26168), the flaw involves the world-writable /tmp/vpn_client_openvpn_configuration.ovpn file, where attackers can create a named pipe using mkfifo and inject malicious OpenVPN configurations to gain root access.

‍