ExpressVPN

A critical security vulnerability in the ExpressVPN Windows desktop application exposed users’ real IP addresses when they used Remote Desktop Protocol (RDP) connections. The flaw, discovered through the company’s bug bounty program, affected specific versions of the Windows client and allowed TCP traffic over port 3389 to bypass the VPN tunnel. This potentially revealed users’ actual network locations to internet service providers and network observers. The vulnerability did not compromise the encryption of RDP sessions, but it created a significant privacy breach by allowing third parties to identify both the user’s connection to ExpressVPN and their access to specific remote servers. ExpressVPN patched the issue in version 12.101.0.45.

Source: https://cybersecuritynews.com/expressvpn-windows-client-vulnerability/

TPRM report: https://scoringcyber.rankiteo.com/company/expressvpn

{
  "id": "exp959072325",
  "linkid": "expressvpn",
  "type": "Vulnerability",
  "date": "7/2025",
  "severity": "25",
  "impact": "",
  "explanation": "Attack without any consequences: Attack in which data is not compromised"
}

{'affected_entities': [{'customers_affected': 'Enterprise RDP users',
                        'industry': 'Cybersecurity',
                        'name': 'ExpressVPN',
                        'type': 'Company'}],
 'attack_vector': 'Remote Desktop Protocol (RDP) connections',
 'data_breach': {'type_of_data_compromised': 'Real IP addresses'},
 'description': 'A critical security vulnerability in ExpressVPN Windows '
                'desktop application that could expose users’ real IP '
                'addresses when using Remote Desktop Protocol (RDP) '
                'connections.',
 'impact': {'data_compromised': 'Real IP addresses',
            'systems_affected': 'ExpressVPN Windows application versions 12.97 '
                                'through 12.101.0.2-beta'},
 'lessons_learned': ['Implement enhanced internal safeguards',
                     'Conduct rigorous automated testing protocols'],
 'post_incident_analysis': {'corrective_actions': ['Comprehensive fix in '
                                                   'version 12.101.0.45',
                                                   'Enhanced internal '
                                                   'safeguards',
                                                   'Rigorous automated testing '
                                                   'protocols'],
                            'root_causes': 'Debug code in production builds '
                                           'causing routing failure'},
 'recommendations': ['Users should update to the latest version of the '
                     'ExpressVPN Windows application'],
 'references': [{'source': 'ExpressVPN'}],
 'response': {'remediation_measures': ['Comprehensive fix in version '
                                       '12.101.0.45',
                                       'Enhanced internal safeguards',
                                       'Rigorous automated testing protocols']},
 'title': 'ExpressVPN Windows App RDP Leak Vulnerability',
 'type': 'Vulnerability',
 'vulnerability_exploited': 'Debug code in production builds causing routing '
                            'failure'}