- A security researcher has found deficiencies with two of Purevpns Linux clients
- The affected apps can leak IPV6 traffic under certain circumstances and interfere with local firewall -settings
- Purevpn has confirmed that the team is working to patch these missing in mid -October
A security researcher has found two problems with Pure VPNs Linux applications -one affects IPV6 traffic and the other system Firewall.
Andreas, a Greek Linux expert operating under the name Anagogistis discovered that both GUI V2.10.0 and CLI V2.0.1 versions of Purevpns Linux clients can leak IPV6 traffic outside the encrypted tunnel.
When you connect with both of these Linux VPN -Apps, Purevpn also disrupts the local Firewall settings that “can affect users who depend on lasting firewall rules for local security,” Anagogistis notes in its report.
After the reported findings allegedly unanswered for over three weeks, Friday (September 19, 2025), Purevpn confirmed that the team is working to patch these shortcomings in mid -October. The provider also ensures that no other platforms (Windows, MacOS, Android, iOS) are affected.
Both security expert and the provider suggest some solutions to all Purevpns Linux users until the correction is released.
IPV6 Leak and Firewall Misconfigurations – What is at stake for Purevpn users
During the test, for example, leaks occur after a network transition, such as suspending or resuming an Ethernet connection or switching Wi-Fi.
“As far as I can tell, there is no leakage during normal sessions without network disorder,” writes Anagogistis.
When an IPV6 leakage occurs, sites or E email services may have access to users’ real locations and track their activities -exactly what you are trying to prevent by using the best VPN services.
Purevpn -Client Delicious IPV6 on Linux! I submitted a detailed report to @Purevpncom but got no response after 3+ weeks. So I wrote a blog post today with demos and findings to inform other users: https: //t.co/7t2xcuzx23September 17, 2025
Both of these Linux clients also show signs of Firewall -Mis understandings.
Specifically, according to the app connected, the existing IPT rules (meaning the command lines that define how the Linux core handles the data packages). However, when the user connects to the virtual private network (VPN) software, the original device’s settings are not restored.
This leaves the system in another firewall mode compared to its original configuration. Something that Purevpn explains, “can leave the device with fewer protection than the user had in place before connecting to VPN.”
Purevpns Linux apps were both tested and reproduced on Ubuntu 24.04.3 LTS with core 6.8 and Iptables-Nft-backend.
We contacted Purevpn to know more about the risk of users and what lies behind these shortcomings, but we are still waiting for a response at the writing.
How to remain safe
While the Purevpn team is working to release a technical solution to these vulnerabilities, you must seriously consider taking some active steps to protect your data.
Purevpn suggests that users should:
- Disable IPV6 manually at system level.
- Use firewall rules after disconnecting from Purevpn.
- Use only IPV4 connections where possible until the patched client is released.
All in all, Purevpn said: “Although this problem is limited to Linux clients, we recognize the seriousness of IPV6 leaks and firewall handling. We are moving quickly to release a solution and reinforce our internal processes to ensure faster recognitions and corrections in the future.”
