We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-25728



Assignermitre
Reserved2024-02-11
Published2024-02-11
Updated2024-10-30

Description

ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration (e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers), which may allow remote attackers to obtain sensitive information about websites visited by VPN users.

References

https://www.bleepingcomputer.com/news/security/expressvpn-bug-has-been-leaking-some-dns-requests-for-years/

https://www.expressvpn.com/blog/windows-app-dns-requests/

cve.org CVE-2024-25728

nvd.nist.gov CVE-2024-25728

Download JSON

Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.