Oops, They Did It Again: ExpressVPN Fixes Another Privacy Leak!

ExpressVPN patched a flaw in its Windows client that exposed users’ real IP addresses by allowing RDP traffic to bypass the VPN tunnel. The bug, present in versions 12.97 to 12.101.0.2-beta, has been fixed in version 12.101.0.45. While encryption remained intact, ExpressVPN emphasized upgrading for full protection.

3P
Published: July 21, 2025 4:09 pmAdded: July 21, 2025 at 9:30 amAssembled by: The Editor
Pro Dashboard

Hot Take:

ExpressVPN’s latest oopsie-daisy with RDP traffic is like ordering a cheeseburger without cheese. The cornerstone of a VPN is to mask your IP, and they let it slip like a greased-up penguin on an ice rink. But hey, they patched it up quicker than a toddler with a band-aid obsession. So, if you were using RDP thinking you were undercover, surprise! Your IP address was the star of the show. But don’t worry, ExpressVPN assures us that their encryption game is still strong; they’ve just got a few more checks to run before the next curtain call.

Key Points:

  • ExpressVPN’s Windows client had a vulnerability causing RDP traffic to bypass the VPN tunnel.
  • The flaw was due to leftover debug code from internal testing.
  • Fix released with version 12.101.0.45 on June 18, 2025.
  • Issue primarily affected users actively using RDP, considered low-risk by ExpressVPN.
  • ExpressVPN will enhance its internal build checks to prevent future issues.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?