CVE-2025-59692
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-18

Last updated on: 2025-09-19

Assigner: MITRE

Description
PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the system's existing iptables rules and apply default ACCEPT policies when connecting to a VPN server. This removes firewall rules that may have been configured manually or by other software (e.g., UFW, container engines, or system security policies). Upon VPN disconnect, the original firewall state is not restored. As a result, the system may become unintentionally exposed to network traffic that was previously blocked. This affects CLI 2.0.1 and GUI 2.10.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-18
Last Modified
2025-09-19
Generated
2026-05-07
AI Q&A
2025-09-19
EPSS Evaluated
2026-05-05
NVD
CVE-2025-59692
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
purevpn client 2.0.1
purevpn client 2.10.0
purevpn client 2.11.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-669 The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in PureVPN client applications on Linux up to September 2025, where the software mishandles firewall rules by flushing existing iptables rules and setting default ACCEPT policies when connecting to a VPN server. This removes any manually or automatically configured firewall rules, and upon disconnecting from the VPN, the original firewall rules are not restored. This can leave the system unintentionally exposed to network traffic that was previously blocked.


How can this vulnerability impact me? :

The vulnerability can expose your system to network traffic that was previously blocked by firewall rules, potentially increasing the risk of unauthorized access or attacks. Since the firewall rules are removed and not restored after VPN disconnection, your system's security posture may be weakened without your knowledge.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

You can detect this vulnerability by checking your current iptables rules before and after connecting to the PureVPN client. Use commands like 'sudo iptables -L -v -n' to list current firewall rules and verify if rules are flushed or default ACCEPT policies are applied when the VPN connects. Also, monitor if the original firewall rules are restored after disconnecting the VPN.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include avoiding use of affected PureVPN client versions (CLI 2.0.1 and GUI 2.10.0) on Linux until a patch is available. Alternatively, manually reapply your firewall rules after connecting or disconnecting the VPN, or use firewall management tools that can restore rules automatically. Consider using other VPN clients that do not flush iptables rules.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart