PT-2025-38496 · Unknown · Purevpn Cli Client+1
Anagogistis
·
Published
2025-09-18
·
Updated
2025-09-22
·
CVE-2025-59691
CVSS v3.1
3.7
Low
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
PureVPN versions 2.0.1 (CLI client) and 2.10.0 (GUI client)
Description
PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside the VPN tunnel during network events, such as Wi-Fi reconnects or system resume. The CLI client auto-reconnects but fails to route or block IPv6 traffic. The GUI client maintains an IPv6 connection after disconnection until a reconnect is initiated. This exposes the user’s real IPv6 address, violating user privacy and defeating IPv6 leak protection.
Recommendations
Update the CLI client to a version later than 2.0.1.
Update the GUI client to a version later than 2.10.0.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Purevpn Cli Client
Purevpn Gui Client