In late August 2025, I submitted two security reports to PureVPN under their VDP. Three weeks later, I’ve received no response, so I decided to publish the findings to inform other users. The issues affect both their GUI (v2.10.0) and CLI (v2.0.1) clients on Linux (tested on Ubuntu 24.04.3 LTS, kernel 6.8.0, iptables-nft backend). Here’s what I found. 1. IPv6 Leaks Off-Tunnel After toggling Wi-Fi or resuming from suspend, the PureVPN client fails to restore IPv6 protections: