ExpressVPN bug leaked user IPs in Remote Desktop sessions

ExpressVPN has fixed a flaw in its Windows client that caused Remote Desktop Protocol (RDP) traffic to bypass the virtual private network (VPN) tunnel, exposing the users' real IP addresses.

On April 25, 2025, a security researcher known as "Adam-X" reported a vulnerability through ExpressVPN's bug bounty program that exposed RDP and other TCP traffic transmitted over port 3389. "If a user established a connection using RDP, that traffic could bypass the VPN tunnel," reported ExpressVPN in an announcement.

RDP is a Microsoft network protocol that enables users to remotely control Windows systems over a network, used by IT administrators, remote workers, and enterprises.

The privacy firm notes that the security lapse did not compromise encryption on the tunnels, and the leak scenarios only affect those using Remote Desktop Protocol (RDP), which they consider to be low-risk for their customers. "As mentioned above, in practice, this issue would most commonly have affected users actively using RDP—a protocol that's generally not used by typical consumers," reads ExpressVPN's advisory.

ExpressVPN states that it will strengthen its internal build checks to prevent similar bugs from being introduced in production in the future, including enhanced automation in development testing.

Last year, ExpressVPN faced another issue causing DNS request leaks when users enabled the 'split tunneling' feature on the Windows client.
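A way to check a Windows host for the leak described above: the PowerShell below is an added example, not code from ExpressVPN or the original article. It lists established TCP connections to port 3389 and flags any whose local (source) address is not bound to the VPN adapter. The adapter alias is a placeholder you must replace, and the source-address comparison is a heuristic that assumes tunnelled sockets use the VPN adapter's address.

```powershell
# Added example: flag established TCP connections to port 3389 that do not
# originate from the VPN adapter's address.
# Assumption: $VpnAlias is a placeholder; set it to your VPN adapter's alias
# as listed by Get-NetAdapter while the VPN is connected.
param(
    [string]$VpnAlias = 'VPN-ADAPTER-ALIAS',
    [int]$Port = 3389
)

# Addresses currently assigned to the VPN adapter (IPv4 and IPv6).
$vpnAddresses = @(
    Get-NetIPAddress -InterfaceAlias $VpnAlias -ErrorAction Stop |
        Select-Object -ExpandProperty IPAddress
)

# Established connections whose remote port is the RDP port.
$connections = @(
    Get-NetTCPConnection -RemotePort $Port -State Established -ErrorAction SilentlyContinue
)

$report = foreach ($c in $connections) {
    $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Process       = $proc.ProcessName
        LocalAddress  = $c.LocalAddress
        RemoteAddress = $c.RemoteAddress
        RemotePort    = $c.RemotePort
        # Heuristic: a tunnelled socket normally has the VPN adapter's address
        # as its source. Connections to hosts on the local LAN may bypass the
        # tunnel by design, so review RemoteAddress before treating a row as a leak.
        ViaVpn        = $vpnAddresses -contains $c.LocalAddress
    }
}

if (-not $report) {
    Write-Output "No established connections to TCP port $Port."
} else {
    $report | Sort-Object ViaVpn | Format-Table -AutoSize
    $outside = @($report | Where-Object { -not $_.ViaVpn })
    if ($outside.Count -gt 0) {
        Write-Warning "$($outside.Count) connection(s) to port $Port are not sourced from '$VpnAlias'."
    }
}
```

Run it while the VPN is connected and an RDP session is open; a packet capture on the physical adapter filtered to TCP port 3389 gives a stronger confirmation than the source-address check.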

This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 21 Jul 2025 16:10:14 +0000

