CVE-2025-59691
LOWDescription
PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside the VPN tunnel upon network events such as Wi-Fi reconnect or system resume. In the CLI client, the VPN auto-reconnects and claims to be connected, but IPv6 traffic is no longer routed or blocked. In the GUI client, the IPv6 connection remains functional after disconnection until the user clicks Reconnect. In both cases, the real IPv6 address is exposed to external services, violating user privacy and defeating the advertised IPv6 leak protection. This affects CLI 2.0.1 and GUI 2.10.0.
CVSS v3.1 Score
Weakness Type (CWE)
References
Other References
Frequently Asked Questions
What is CVE-2025-59691? +
How severe is CVE-2025-59691? +
How do I check if I'm vulnerable to CVE-2025-59691? +
Related Vulnerabilities
Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable …
mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the …
Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if …
An unauthenticated remote attacker could use a demo account of the portal to hijack devices that were created in that …
Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres because /myplex/account provides …
Inappropriate implementation in AI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process …