A newly discovered vulnerability undermines countless VPN clients in that their traffic can be quietly routed away from their encrypted tunnels and intercepted by snoops on the network. Dubbed TunnelVision by the eggheads at Leviathan Security Group who uncovered and documented it, the technique (CVE-2024-3661) can result in a VPN user believing their connection is properly secured, and being routed through an encrypted tunnel as usual, while an attacker on their network has instead redirected their connections so that it can be potentially inspected.

Source: The Register