PureVPN
Products
1- 7 CVEs
Recent CVEs
7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-6822 | Cri | 0.64 | 9.8 | 0.02 | Feb 7, 2018 | In PureVPN 6.0.1 on macOS, HelperTool LaunchDaemon implements an unprotected XPC service that can be abused to execute system commands as root. | ||
| CVE-2018-10204 | Hig | 0.57 | 8.8 | 0.02 | Apr 18, 2018 | PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "sevpnclient" service. When configured to use the OpenVPN protocol, the "sevpnclient" service executes "openvpn.exe" using the OpenVPN config file located at… | ||
| CVE-2018-7484 | Hig | 0.51 | 7.8 | 0.02 | Feb 26, 2018 | An issue was discovered in PureVPN through 5.19.4.0 on Windows. The client installation grants the Everyone group Full Control permission to the installation directory. In addition, the PureVPNService.exe service, which runs under NT Authority\SYSTEM privileges, tries to load… | ||
| CVE-2025-59692 | Low | 0.24 | 3.7 | 0.00 | Sep 18, 2025 | PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the system's existing iptables rules and apply default ACCEPT policies when connecting to a VPN server. This removes firewall rules that may have been configured manually or by other… | ||
| CVE-2025-59691 | Low | 0.24 | 3.7 | 0.00 | Sep 18, 2025 | PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside the VPN tunnel upon network events such as Wi-Fi reconnect or system resume. In the CLI client, the VPN auto-reconnects and claims to be connected, but IPv6 traffic is no longer routed… | ||
| CVE-2023-48957 | 0.00 | — | 0.00 | Aug 25, 2024 | PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers. | |||
| CVE-2018-18656 | 0.00 | — | 0.00 | Oct 26, 2018 | The PureVPN client before 6.1.0 for Windows stores Login Credentials (username and password) in cleartext. The location of such files is %PROGRAMDATA%\purevpn\config\login.conf. Additionally, all local users can read this file. |
- risk 0.64cvss 9.8epss 0.02
In PureVPN 6.0.1 on macOS, HelperTool LaunchDaemon implements an unprotected XPC service that can be abused to execute system commands as root.
- risk 0.57cvss 8.8epss 0.02
PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "sevpnclient" service. When configured to use the OpenVPN protocol, the "sevpnclient" service executes "openvpn.exe" using the OpenVPN config file located at…
- risk 0.51cvss 7.8epss 0.02
An issue was discovered in PureVPN through 5.19.4.0 on Windows. The client installation grants the Everyone group Full Control permission to the installation directory. In addition, the PureVPNService.exe service, which runs under NT Authority\SYSTEM privileges, tries to load…
- risk 0.24cvss 3.7epss 0.00
PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the system's existing iptables rules and apply default ACCEPT policies when connecting to a VPN server. This removes firewall rules that may have been configured manually or by other…
- risk 0.24cvss 3.7epss 0.00
PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside the VPN tunnel upon network events such as Wi-Fi reconnect or system resume. In the CLI client, the VPN auto-reconnects and claims to be connected, but IPv6 traffic is no longer routed…
- CVE-2023-48957Aug 25, 2024risk 0.00cvss —epss 0.00
PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers.
- CVE-2018-18656Oct 26, 2018risk 0.00cvss —epss 0.00
The PureVPN client before 6.1.0 for Windows stores Login Credentials (username and password) in cleartext. The location of such files is %PROGRAMDATA%\purevpn\config\login.conf. Additionally, all local users can read this file.