- A security researcher has discovered flaws in two of PureVPN’s Linux clients
- The affected apps may leak IPv6 traffic under certain conditions and interfere with local firewall settings
- PureVPN has confirmed the team is working to patch these flaws by mid-October
A security researcher has discovered two issues with PureVPN’s Linux applications – one affecting IPv6 traffic and the other the system firewall.
Andreas, a Greek Linux expert who operates under the name Anagogistis, discovered that both the GUI v2.10.0 and CLI v2.0.1 versions of PureVPN’s Linux clients can leak IPv6 traffic outside the encrypted tunnel.
When connecting with either of these Linux VPN apps, PureVPN also interferes with the local firewall settings, which “might have an effect on users counting on persistent firewall rules for local security,” Anagogistis notes in his report.
After the reported findings allegedly went unanswered for over three weeks, on Friday (September 19, 2025), PureVPN confirmed the team is working to patch these flaws by mid-October. The provider also assures that no other platforms (Windows, macOS, Android, iOS) are affected.
Both the security expert and the provider are suggesting some workarounds for all PureVPN Linux users until the fix is released.
IPv6 leak and firewall misconfigurations – what’s at stake for PureVPN users
As per Anagogistis’ report published on Wednesday, September 17, both of PureVPN’s Linux clients (GUI v2.10.0 and CLI v2.0.1) might leak IPv6 under some specific conditions.
For example, during the test, leaks occur after a network transition, such as suspending or resuming an Ethernet connection or toggling Wi-Fi.
“As far as I can tell, there is no leak during normal sessions without network disruption,” writes Anagogistis.
When an IPv6 leak occurs, websites or email services may have access to users’ real locations and track their activities – exactly what you are trying to prevent by using the best VPN services.
“PureVPN client leaks IPv6 on Linux! I submitted a detailed report to @PureVPNcom, but received no response after 3+ weeks. So I wrote a blog post today with demos and findings to inform other users: https://t.co/7t2XcUZX23” (September 17, 2025)
Both of these Linux clients also show signs of firewall misconfigurations.
Specifically, after the app connects, it replaces existing iptables rules (meaning the command lines that define how the Linux kernel handles data packets). When the user disconnects the virtual private network (VPN) software, however, the device’s original settings are not restored.
This leaves the system in a different firewall state compared to its initial configuration. Something that, as PureVPN explains, “might leave the device with fewer protections than the user had in place before connecting to the VPN.”
Both of PureVPN’s Linux apps were tested, and the issues reproduced, on Ubuntu 24.04.3 LTS with kernel 6.8 and the iptables-nft backend.
We contacted PureVPN to learn more about the risk for users and what’s behind these flaws, but we’re still waiting for a reply at the time of writing.
How to stay safe
While the team at PureVPN works on releasing a technical fix for these vulnerabilities, you should seriously consider taking some active steps to protect your data.
PureVPN suggests users should:
- Disable IPv6 manually at the system level.
- Reapply firewall rules after disconnecting from PureVPN.
- Use IPv4-only connections where possible until the patched client is released.
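One way to carry out the first two workarounds, as an added example that is not code from PureVPN or from the researcher's report: a shell script that snapshots the iptables rules before connecting, then compares and restores them after disconnecting. The snapshot path and the pre/post subcommand names are assumptions, and both subcommands need root.

```shell
#!/bin/sh
# Added example (not PureVPN's or the researcher's code): snapshot iptables
# before connecting, then detect and undo rule changes after disconnecting.
# SNAP is a hypothetical path; "pre" and "post" must run as root.
SNAP="${SNAP:-/var/tmp/iptables.pre-vpn}"

# Drop the parts of an iptables-save dump that differ on every run
# (comment/timestamp lines, [packets:bytes] counters, trailing blanks).
normalize_rules() {
    sed -E -e '/^#/d' -e 's/\[[0-9]+:[0-9]+\]//g' -e 's/[[:space:]]+$//' "$1"
}

# Compare two dumps. Prints "missing: <rule>" for lines only in the first and
# "added: <rule>" for lines only in the second; returns 1 if anything differs.
rules_drift() {
    _b=$(mktemp) && _a=$(mktemp) || return 2
    normalize_rules "$1" >"$_b"
    normalize_rules "$2" >"$_a"
    _out=$(diff "$_b" "$_a" | sed -n -e 's/^< /missing: /p' -e 's/^> /added: /p')
    rm -f "$_b" "$_a"
    [ -z "$_out" ] && return 0
    printf '%s\n' "$_out"
    return 1
}

case "${1:-}" in
pre)   # run before connecting the VPN
    iptables-save >"$SNAP"
    # Workaround from the article: turn IPv6 off at the system level.
    sysctl -w net.ipv6.conf.all.disable_ipv6=1
    sysctl -w net.ipv6.conf.default.disable_ipv6=1
    ;;
post)  # run after disconnecting the VPN
    now=$(mktemp) && iptables-save >"$now"
    if ! rules_drift "$SNAP" "$now"; then
        echo "firewall changed since snapshot; restoring $SNAP" >&2
        iptables-restore <"$SNAP"
    fi
    rm -f "$now"
    ;;
esac
```

The sysctl change lasts until reboot, and iptables-restore replaces the current contents of every table present in the snapshot.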
All in all, PureVPN said: “While this issue is limited to Linux clients, we acknowledge the seriousness of IPv6 leaks and firewall handling. We’re moving quickly to release a fix and reinforcing our internal processes to ensure faster acknowledgments and fixes in the future.”