CVE-2025-59691
BaseFortify
Publication date: 2025-09-18
Last updated on: 2025-09-19
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| purevpn | client | 2.0.1 |
| purevpn | client | 2.10.0 |
| purevpn | client | 2.11.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-669 | The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in PureVPN client applications on Linux allows IPv6 traffic to leak outside the VPN tunnel during network events like Wi-Fi reconnect or system resume. In the CLI client, although the VPN auto-reconnects and shows as connected, IPv6 traffic is not properly routed or blocked, exposing the real IPv6 address. In the GUI client, the IPv6 connection remains active after disconnection until the user manually reconnects, also exposing the real IPv6 address. This defeats the VPN's advertised IPv6 leak protection and compromises user privacy.
How can this vulnerability impact me?
This vulnerability can impact you by exposing your real IPv6 address to external services despite using a VPN, which compromises your privacy and anonymity. It defeats the VPN's protection against IPv6 leaks, potentially allowing third parties to track your real network location and identity when network events occur, such as reconnecting Wi-Fi or resuming the system.
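A defender-side check for the leak condition described above, as an added example that is not PureVPN's or BaseFortify's code: it classifies the kernel's own IPv6 route lookup as tunnel, blocked, or leaking, independent of what the VPN client reports. The tunnel interface name `tun0`, the probe address `2001:db8::1` (IPv6 documentation prefix) and the sample lookup lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not PureVPN code): decide which path IPv6 traffic takes by
# reading the kernel route lookup instead of trusting the client's status.
# Assumptions: tunnel interface "tun0" and probe address 2001:db8::1.

# classify_v6_egress TUN_IF
#   stdin : output of `ip -6 route get <global address>`
#   stdout: "tunnel", "blocked", or "leak:<interface>"
classify_v6_egress() {
    awk -v tun="$1" '
        NR == 1 {
            seen = 1
            # Reject-type routes mean the packet is dropped locally.
            if ($1 == "unreachable" || $1 == "prohibit" || $1 == "blackhole") {
                print "blocked"; exit
            }
            for (i = 1; i < NF; i++)
                if ($i == "dev") { dev = $(i + 1); break }
            if (dev == "")       print "blocked"
            else if (dev == tun) print "tunnel"
            else                 print "leak:" dev
        }
        END { if (!seen) print "blocked" }   # empty output: no route at all
    '
}

# check_now [TUN_IF] [PROBE]: run the lookup on the live system, for example
# after a Wi-Fi reconnect or a resume from suspend.
check_now() {
    ip -6 route get "${2:-2001:db8::1}" 2>/dev/null |
        classify_v6_egress "${1:-tun0}"
}

# Constructed sample lookups (not captured from a real host).
SAMPLE_LEAK='2001:db8::1 from :: via fe80::1 dev wlan0 proto ra src 2001:db8:aaaa::10 metric 600 pref medium'
SAMPLE_TUNNEL='2001:db8::1 from :: dev tun0 proto static src fd00::2 metric 50 pref medium'
SAMPLE_REJECT='unreachable 2001:db8::1 from :: dev lo metric 1024 error -101 pref medium'

# Offline demonstration on the constructed samples.
for sample in "$SAMPLE_LEAK" "$SAMPLE_TUNNEL" "$SAMPLE_REJECT"; do
    printf '%s\n' "$sample" | classify_v6_egress tun0
done
```

A `leak:<interface>` result from `check_now` while the client still shows as connected is the state this CVE describes; `tunnel` or `blocked` means IPv6 is either carried by the VPN or dropped locally.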