ExpressVPN has updated its Windows app to patch a vulnerability that could expose the user's IP address to observers.
As one of the best VPNs, ExpressVPN is very safe, but mistakes can happen. The provider said in a blog post that code meant for internal testing “accidentally made it in the production build.”
Users were affected only under specific circumstances, but the bug meant that traffic was not being routed as expected through the VPN tunnel, although encryption was not affected.
ExpressVPN worked quickly to fix the vulnerability and is recommending that all its Windows VPN users upgrade to the latest version of the app.
The code meant for internal testing made its way into production versions 12.97 to 12.101.0.2-beta.
ExpressVPN was informed of the issue in April 2025 by security researcher Adam-X through the provider's bug bounty program, where security researchers can earn cash prizes for reporting weaknesses and faults.
ExpressVPN said its team confirmed the report within hours.
The vulnerability centered on the Remote Desktop Protocol (RDP). According to ExpressVPN, there was a risk only when an RDP connection was used or when other TCP traffic was routed over port 3389.
ExpressVPN said: “If a user establishes a connection using RDP, the traffic can bypass the VPN tunnel.”
“It did not affect encryption, but it meant that traffic from the RDP connection was not routed as expected through ExpressVPN.”
It said that observers such as internet service providers could see that a user was connected to ExpressVPN and was using RDP to reach a remote server, information that would usually be protected.
RDP is usually used in enterprise environments, and therefore most users were unaffected. However, ExpressVPN stated that it considers “any risk for privacy unacceptable”.
Five days later, a fix was released in version 12.101.0.45. The researcher confirmed that the issue was resolved and ExpressVPN closed the report in late June.
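One way to check a Windows machine for the kind of bypass described above, as an added example (not ExpressVPN's code or the researcher's test): the script parses `netstat -n -p TCP` output and lists established connections to non-local destinations whose source address is not the VPN adapter's address. The sample output, every address in it and the tunnel address 10.47.0.6 are constructed, and English-locale netstat output is assumed.

```python
"""List TCP flows that leave a Windows host outside the VPN tunnel."""
import ipaddress
import re

# Constructed sample of `netstat -n -p TCP` output; all addresses are invented.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    10.47.0.6:50112        192.0.2.44:443         ESTABLISHED
  TCP    192.168.1.23:50131     203.0.113.10:3389      ESTABLISHED
  TCP    192.168.1.23:50140     192.168.1.50:445       ESTABLISHED
  TCP    127.0.0.1:5354         127.0.0.1:49670        ESTABLISHED
  TCP    192.168.1.23:50150     198.51.100.7:3389      TIME_WAIT
"""

# Destinations that normally stay off the tunnel by design (LAN, loopback).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s*$")


def flows_outside_tunnel(netstat_text, tunnel_ip):
    """Return (local, remote, port) for established flows to non-local
    destinations whose source address is not the tunnel address."""
    tunnel = ipaddress.ip_address(tunnel_ip)
    leaks = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or blank line
        local, _lport, remote, rport, state = m.groups()
        try:
            src, dst = ipaddress.ip_address(local), ipaddress.ip_address(remote)
        except ValueError:
            continue  # bracketed IPv6 rows are not handled in this sketch
        if state != "ESTABLISHED":
            continue
        if any(dst in net for net in LOCAL_NETS):
            continue
        if src != tunnel:
            leaks.append((local, remote, int(rport)))
    return leaks


if __name__ == "__main__":
    for local, remote, port in flows_outside_tunnel(SAMPLE_NETSTAT, "10.47.0.6"):
        note = " (RDP port)" if port == 3389 else ""
        print(f"outside tunnel: {local} -> {remote}:{port}{note}")
```

On a real host, pass the captured netstat text and the address assigned to the VPN adapter; a split-tunnel configuration will legitimately produce entries here.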

How serious is it?
ExpressVPN analyzed the issue and admitted that “the possibility of real-world exploitation was extremely low.”
Given that most ExpressVPN users are not enterprise customers, the provider said “the number of affected users is likely to decrease.”
To take advantage of the vulnerability, a hacker would have to know about the bug and find a way to route traffic over port 3389. This could be done by tricking a user into clicking a malicious link or by compromising a popular website to launch a drive-by attack, all while the user was connected to the VPN.
As demonstrated by Adam-X, a user's real IP address could be exposed. But browsing activity could not be seen and encryption was not compromised.
ExpressVPN said it was grateful to its community for reporting potential issues and suggesting improvements. The provider will strengthen its internal security measures to ensure that it does not happen again.

