VPNs Unmasked: PureVPN’s Linux Clients Leak Identities Through Security Cracks
Critical flaws in PureVPN's Linux apps expose users’ real IP addresses and erase firewall protections, shattering trust in privacy tools.
Fast Facts
- A security researcher found severe privacy flaws in PureVPN’s Linux apps (GUI 2.10.0 and Console 2.0.1) tested on Ubuntu 24.04.3 LTS.
- IPv6 addresses can leak during Wi-Fi reconnections or when waking from sleep, revealing users’ true locations.
- The VPN client wipes out existing firewall rules, leaving systems more exposed after use.
- PureVPN failed to respond to the vulnerability report for three weeks, leaving users uninformed and at risk.
- These issues undermine the core promise of VPNs: keeping users anonymous and secure online.
When Privacy Tools Turn Traitor
Imagine locking your doors for the night, only to find out your security system not only left the back door wide open but also tossed out your burglar alarm. That’s the chilling scenario facing Linux users of PureVPN, a service marketed as a digital fortress for privacy and anonymity.
In September 2025, Andreas, an independent researcher and author of the Anagogistis blog, uncovered a series of vulnerabilities in PureVPN’s Linux clients. His investigation revealed a cascade of failures: not only did the software leak users’ real IPv6 addresses during certain network events, but it also erased custom firewall settings, exposing users to additional online risks even after disconnecting from the VPN.
How the Cracks Formed
The heart of the problem lies in how PureVPN’s Linux apps handle modern internet protocols and system security. When users reconnect to Wi-Fi or wake their computers from sleep, the VPN tunnel - meant to cloak their identity - momentarily falters. During this window, the system receives new IPv6 network routes from the local router. Instead of channeling this traffic through the encrypted VPN, the client lets it slip out directly, like water through a cracked pipe. For users, this means their real location and identity can be revealed to websites or even surveillance actors.
Worse still, the graphical client blocks only IPv4 traffic after a disconnect, leaving IPv6 data free to roam the open internet until the user manually reconnects. Meanwhile, the console client’s so-called "Kill Switch" feature, intended as a last-resort privacy shield, doesn’t prevent IPv6 leaks during reconnections.
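One way to check a machine for the condition described above is to ask which interface the routing table would pick for a public IPv6 destination. This is an added example, not code from the researcher or from PureVPN. The route tables are constructed samples, and `tun0`, `wlan0` and the probe address are assumptions.

```python
import ipaddress

# Constructed `ip -6 route show` output; tun0/wlan0 are assumed interface names.
TUNNEL_UP = """\
2001:db8:1::/64 dev wlan0 proto ra metric 600 pref medium
fe80::/64 dev wlan0 proto kernel metric 1024 pref medium
default dev tun0 metric 50 pref medium
default via fe80::1 dev wlan0 proto ra metric 600 pref medium
"""
AFTER_RESUME = """\
2001:db8:1::/64 dev wlan0 proto ra metric 600 pref medium
fe80::/64 dev wlan0 proto kernel metric 1024 pref medium
default via fe80::1 dev wlan0 proto ra metric 600 pref medium
"""
PROBE = "2001:db8:ffff::1"  # stand-in for any off-link destination (documentation prefix)

def parse_routes(text):
    """Parse `ip -6 route show` lines into (network, dev, metric) tuples."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or "dev" not in tok:
            continue
        prefix = "::/0" if tok[0] == "default" else tok[0]
        try:
            net = ipaddress.ip_network(prefix, strict=False)
        except ValueError:
            continue  # typed routes (unreachable, blackhole, ...) are ignored here
        dev = tok[tok.index("dev") + 1]
        # Metric is treated as 1024 when the line omits it (assumption).
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok else 1024
        routes.append((net, dev, metric))
    return routes

def egress_dev(text, dest):
    """Interface chosen for dest: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in parse_routes(text) if addr in r[0]]
    if not hits:
        return None
    return min(hits, key=lambda r: (-r[0].prefixlen, r[2]))[1]

def leaks(text, tunnel_if, dest=PROBE):
    """True when dest is routable and would leave via a non-tunnel interface."""
    dev = egress_dev(text, dest)
    return dev is not None and dev != tunnel_if

if __name__ == "__main__":
    for name, table in (("tunnel up", TUNNEL_UP), ("after resume", AFTER_RESUME)):
        print(name, "->", egress_dev(table, PROBE), "LEAK" if leaks(table, "tun0") else "ok")
```

On a live system, pass the text of `ip -6 route show` captured right after a Wi-Fi reconnect or resume from sleep. An off-tunnel result only becomes an actual leak when no firewall rule blocks that traffic.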
Firewall Fiasco and Industry Parallels
Equally alarming is PureVPN’s heavy-handed approach to firewall management. Upon connecting, the client wipes out all existing firewall rules - including those set by other security tools like UFW or Docker - replacing them with permissive settings. When the VPN disconnects, it leaves the system with its defenses down, a blunder akin to a locksmith removing your deadbolts and never putting them back.
VPN leaks are not new. In the past, services like NordVPN and ProtonVPN have faced scrutiny for IPv6 handling, prompting industry-wide reforms. Yet, the persistence of such flaws in a major provider’s Linux client in 2025 is a stark reminder: privacy tools can become liabilities if not properly audited.
With Linux usage growing among privacy-conscious users and in sensitive sectors, the geopolitical stakes rise. A VPN leak isn’t just a personal risk - it can expose activists, journalists, and businesses operating under repressive regimes.
Silence and Trust Erosion
Perhaps most damning is PureVPN’s response: three weeks of silence after receiving detailed reports and video evidence. In the realm of cybersecurity, timely disclosure and patching are not just best practices - they are lifelines for user trust.
The lesson is clear: when the tools we rely on for secrecy become sources of exposure, the very foundation of digital privacy erodes. Vigilance and transparency must be the norm, not the exception.
WIKICROOK
- VPN (Virtual Private Network): A VPN encrypts your internet connection and hides your IP address, providing extra privacy and security when browsing online or using public Wi-Fi.
- IPv6: IPv6 is the latest Internet Protocol version, offering more IP addresses for devices and improved efficiency, but requires careful security configuration.
- Firewall: A firewall is a digital barrier that monitors and controls network traffic to protect internal systems from unauthorized access and cyber threats.
- Kill Switch: A kill switch is a VPN feature that blocks all internet traffic if the VPN disconnects, preventing your real IP and data from being exposed.
- iptables: iptables is a Linux command-line tool for setting up firewall rules, allowing users to control and secure network traffic on their systems.