CVE-2023-48957

5.3 MEDIUM

📋 TL;DR

The PureVPN Linux client 2.0.2-Productions fails to properly route DNS queries through the VPN tunnel, allowing DNS requests to leak to ISP or default DNS servers. This affects Linux users running the vulnerable PureVPN client version, potentially exposing their DNS queries and revealing browsing activity despite using a VPN.

💻 Affected Systems

Products:
  • PureVPN Linux Client
Versions: 2.0.2-Productions
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific Linux client version; other platforms and versions may not be vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete DNS query leakage revealing all domains visited by the user, enabling ISP surveillance, targeted attacks based on browsing patterns, and potential deanonymization despite VPN usage.

🟠 Likely Case

Intermittent DNS leaks revealing some browsing activity to ISP or network operators, compromising privacy expectations of VPN users.

🟢 If Mitigated

Minimal impact if alternative DNS protection mechanisms are in place or if VPN is used only for non-sensitive activities.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the affected system; DNS leak testing tools can easily detect this vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available; refer to workarounds section for mitigation steps.

🔧 Temporary Workarounds

Manual DNS Configuration

linux

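Configure the system to use secure DNS servers directly instead of relying on PureVPN's DNS handling.

sudo nano /etc/resolv.conf
# In the editor, add a line: nameserver 1.1.1.1 (or nameserver 8.8.8.8)
# Make the file immutable so it is not overwritten. If /etc/resolv.conf is a
# symlink (e.g. managed by systemd-resolved), chattr cannot set the flag on it.
sudo chattr +i /etc/resolv.conf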

Use Alternative VPN Client

linux

Switch to a different VPN client, or use OpenVPN/WireGuard directly with PureVPN servers.

sudo apt install openvpn
# Then download the PureVPN OpenVPN configs from their website

🧯 If You Can't Patch

  • Discontinue use of PureVPN Linux client until patch is available
  • Use browser-based VPN extensions or alternative privacy tools for sensitive browsing

🔍 How to Verify

Check if Vulnerable:

Run a DNS leak test while connected to PureVPN: use dnsleaktest.com or run 'nslookup example.com', and check whether the queries go to the ISP's DNS servers.

Check Version:

purevpn --version, or check the installed package version

Verify Fix Applied:

After applying the workarounds, run the DNS leak tests again to confirm that all queries route through the VPN tunnel.

📡 Detection & Monitoring

Log Indicators:

  • DNS queries to non-VPN DNS servers
  • Unexpected DNS server responses in network logs

Network Indicators:

  • DNS traffic bypassing VPN tunnel interface
  • Queries to ISP DNS servers while VPN is active

SIEM Query:

source="network" dest_port=53 NOT dest_ip IN (vpn_dns_servers)
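
The same rule applied to flow records, as an added example (not part of the original advisory or any vendor tooling): it flags port-53 traffic that leaves on a non-tunnel interface or goes to a resolver outside the VPN allowlist. The key=value record layout, the iface field, the tun0 interface name and the 10.8.0.1 resolver are assumptions; the sample records are constructed.

```python
import ipaddress

# Assumptions for this example: the tunnel interface name and the VPN
# provider's resolver address are placeholders, not PureVPN values.
TUNNEL_IFACE = "tun0"
VPN_DNS_SERVERS = {"10.8.0.1"}

# Constructed flow records (key=value), not captured from a real host.
SAMPLE_LOG = """\
iface=tun0 src_ip=10.8.0.2 dest_ip=10.8.0.1 dest_port=53 query=example.com
iface=wlan0 src_ip=192.168.1.23 dest_ip=192.168.1.1 dest_port=53 query=example.org
iface=wlan0 src_ip=192.168.1.23 dest_ip=203.0.113.10 dest_port=443
iface=tun0 src_ip=10.8.0.2 dest_ip=198.51.100.53 dest_port=53 query=example.net
truncated record without fields
"""


def parse_record(line):
    """Return (iface, dest_ip, dest_port, query) or None for unusable lines."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    try:
        return (fields["iface"], ipaddress.ip_address(fields["dest_ip"]),
                int(fields["dest_port"]), fields.get("query", "?"))
    except (KeyError, ValueError):
        return None


def find_dns_leaks(log_text, tunnel_iface=TUNNEL_IFACE, vpn_dns=VPN_DNS_SERVERS):
    """Flag port-53 records that leave the tunnel or use a non-VPN resolver."""
    allowed = {ipaddress.ip_address(addr) for addr in vpn_dns}
    leaks = []
    for line in log_text.splitlines():
        record = parse_record(line)
        if record is None or record[2] != 53:
            continue
        iface, dest_ip, _, query = record
        reasons = []
        if iface != tunnel_iface:
            reasons.append("bypasses-tunnel")
        if dest_ip not in allowed:
            reasons.append("resolver-not-allowlisted")
        if reasons:
            leaks.append((query, str(dest_ip), iface, reasons))
    return leaks


if __name__ == "__main__":
    for leak in find_dns_leaks(SAMPLE_LOG):
        print(leak)
```

A query that stays inside the tunnel but targets a resolver outside the allowlist is still reported, because the SIEM query above matches on destination address alone.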
