Anagogistis

**Name of the Vulnerable Software and Affected Versions** PureVPN versions 2.0.1 (CLI client) and 2.10.0 (GUI client) **Description** PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside the VPN tunnel during network events, such as Wi-Fi reconnects or system resume. The CLI client auto-reconnects but fails to route or block IPv6 traffic. The GUI client maintains an IPv6 connection after disconnection until a reconnect is initiated. This exposes the user’s real IPv6 address, violating user privacy and defeating IPv6 leak protection. **Recommendations** Update the CLI client to a version later than 2.0.1. Update the GUI client to a version later than 2.10.0.

**Name of the Vulnerable Software and Affected Versions** PureVPN versions 2.0.1 and 2.10.0 **Description** PureVPN client applications on Linux mishandle firewalling. The applications flush existing iptables rules and apply default ACCEPT policies when connecting to a VPN server, removing previously configured firewall rules. Upon VPN disconnect, the original firewall state is not restored, potentially exposing the system to network traffic that was previously blocked. **Recommendations** Update to a newer version of the PureVPN client application for Linux.