ExpressVPN fixed a vulnerability that caused RDP traffic to bypass the VPN tunnel, potentially exposing user IP addresses. The flaw was caused by debug code remnants and affected a small portion of users, with a patch released to enhance security. #ExpressVPN #DebugCode #RDP #VPNLeak
Keypoints
- ExpressVPN identified a flaw where RDP traffic could bypass the VPN tunnel.
- The vulnerability stemmed from debug code inadvertently included in production builds.
- The issue was fixed with an update to version 12.101.0.45 released on June 18, 2025.
- The leak affected mainly RDP users, which is a low-risk protocol for most consumers.
- ExpressVPN plans to improve internal checks to prevent similar bugs in the future.