We were recently alerted to two issues in our Linux clients. We want to be transparent by explaining what’s happening, what you can do right now, and how we’re fixing it.
Summary (TL;DR)
We have validated two issues in our Linux clients (GUI v2.10.0 and CLI v2.0.1):
- IPv6 traffic may leak after suspend or WiFi toggles while the app still shows as connected.
- Local firewall rules may be reset on connect and not restored on disconnect.
Scope: These issues are limited to Linux clients. They were tested and reproduced on Ubuntu 24.04.3 LTS / kernel 6.8 with the iptables-nft backend (per the researcher’s report).
Other platforms (Windows, macOS, Android, iOS) are not affected.
Workarounds are available now (disabling IPv6 and reapplying firewall rules) until a patch is released. A fixed client is targeted for release by mid-October.
Impact
- IPv6 traffic leakage: In certain network scenarios (such as suspend/resume or WiFi toggling), IPv6 traffic may temporarily bypass the VPN tunnel. This could expose a user’s real IPv6 address to IPv6-enabled services (e.g., websites, email).
- Firewall rules not restored: When the client connects, it replaces existing iptables rules (including those set by UFW, Docker, or custom configurations). After disconnect, these original rules are not automatically restored, which may leave the device with fewer protections than the user had in place before connecting to the VPN.
Workarounds (Until Patch Release)
To stay protected until the update is available, Linux users can:
- Disable IPv6 on Linux using this step-by-step guide.
- Reapply firewall rules after disconnecting from PureVPN.
- Use IPv4-only connections where possible until the patched client is released.
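One way to carry out the firewall workaround above, as an added example (not PureVPN's code): save the rules with iptables-save before connecting, then compare against the live rules and restore after disconnecting. SNAP_DIR, the function names and the sample dumps are assumptions of this example.

```shell
#!/bin/sh
# Added example, not PureVPN's code. SNAP_DIR and all function names are
# assumptions; snapshot_rules/restore_if_changed need root and iptables.
SNAP_DIR="${SNAP_DIR:-/var/tmp/fw-snapshot}"

# Drop what changes in an iptables-save dump without any rule changing:
# "# Generated/Completed on <date>" comments and [packets:bytes] counters.
normalize_rules() {
    sed -e '/^#/d' -e 's/\[[0-9][0-9]*:[0-9][0-9]*]//g' -e 's/[[:space:]]*$//' "$1"
}

# Exit 0 if both dumps describe the same ruleset, 1 if they differ.
rules_match() {
    [ "$(normalize_rules "$1")" = "$(normalize_rules "$2")" ]
}

# Run BEFORE connecting the VPN client; snapshot files are owner-only.
snapshot_rules() (
    umask 077
    mkdir -p "$SNAP_DIR" && iptables-save > "$SNAP_DIR/iptables.rules" &&
        ip6tables-save > "$SNAP_DIR/ip6tables.rules"
)

# Run AFTER disconnecting: restore a family only if its live rules drifted.
restore_if_changed() (
    live="$(mktemp)" || exit 1
    trap 'rm -f "$live"' EXIT
    for tool in iptables ip6tables; do
        snap="$SNAP_DIR/$tool.rules"
        [ -r "$snap" ] || { echo "missing snapshot $snap" >&2; exit 1; }
        "$tool-save" > "$live" || exit 1
        if rules_match "$snap" "$live"; then
            echo "$tool: unchanged since snapshot"
        else
            echo "$tool: differs from snapshot, restoring"
            "$tool-restore" < "$snap" || exit 1
        fi
    done
)

# Constructed sample dumps (not from a real host) written to dir $1.
write_samples() {
    printf '%s\n' '# Generated by iptables-save on Mon Sep  1 10:00:00 2025' \
        '*filter' ':INPUT DROP [10:840]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [5:300]' \
        '-A INPUT -p tcp --dport 22 -j ACCEPT' 'COMMIT' > "$1/before.rules"
    # Same rules with a later timestamp and moved counters.
    sed -e 's/10:00:00/11:30:00/' -e 's/\[10:840]/[97:8123]/' "$1/before.rules" > "$1/same.rules"
    # A different ruleset: policies ACCEPT, the user's rule absent.
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' 'COMMIT' > "$1/after.rules"
}
```

Where UFW or Docker manage the rules, `ufw reload` or restarting the Docker service regenerates their chains and may be preferable to restoring a raw dump.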
Resolution Timeline
- Fix in progress: Our engineers are addressing both IPv6 handling and firewall state management.
- Target release: Updated Linux clients will be rolled out by mid-October.
- Status updates: This advisory will be updated if the timeline changes.
What’s Changing
- IPv6 kill switch logic: Hardened to ensure IPv6 traffic is blocked during suspend/resume and WiFi events.
- Firewall state handling: Client will snapshot and restore firewall rules on connect/disconnect instead of overwriting defaults.
- Disclosure process: We are formalizing a vulnerability disclosure workflow with a 24-hour acknowledgment SLA and a dedicated intake path (security@purevpn.com + security.txt).
Acknowledgment
We thank Andreas (anagogistis.com) for their contribution and for responsibly disclosing this issue with detailed reproduction steps. Collaborations like these help us improve and protect all users better.
While this issue is limited to Linux clients, we recognize the seriousness of IPv6 leaks and firewall handling. We are moving quickly to release a fix and reinforcing our internal processes to ensure faster acknowledgments and fixes in the future.
If you have questions or discover any potential vulnerabilities, please reach out to us at security@purevpn.com.







