ZDI-CAN-25637 HIGH 7.8 Overdue Nov 15, 2024

iXsystems

A high-severity local vulnerability (CVSS 7.8) has been reported in a product from iXsystems, the vendor known for FreeNAS/TrueNAS storage solutions. Exploitation requires low-privileged user access and can result in complete compromise of system confidentiality, integrity, and availability. The vulnerability requires no user interaction and affects only the targeted system, making it a serious privilege escalation risk for authenticated local users. Security teams managing iXsystems products should prioritize applying patches after the March 15, 2025 deadline and monitor for suspicious local account activity in the interim.

Advisory Details
Researcher: Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)
Reported: November 15, 2024
Deadline: March 15, 2025 (397d overdue)
CVSS Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
