ExpressVPN aces three independent security audits

ExpressVPN on PC and Windows 10 devices
(Image credit: ExpressVPN)

Not only has it been confirmed as the #1 best VPN on the market by our last round of testing, ExpressVPN also aced all the latest independent audits on its security infrastructure. 

Two different cybersecurity firms, Cure53 and F-Secure respectively, were called to check all its desktop applications for any vulnerabilities. Specifically, Cure53 performed penetration tests and source code audits of its macOS and Linux apps. F-Secure carried on similar checks on the most recent version (v12) of its Windows client.  

Despite finding some minor bugs, all the reports conclude that ExpressVPN is a safe choice to secure your most sensitive data against any cybersecurity threats. 

What's more, these impressive results come just a few weeks after both its privacy policy and server technology got the OK from independent auditors

'No major issues and strong impressions gained'

"As a result of the absence of major issues and strong impressions gained during the audit, Cure53 can only confirm that the ExpressVPN team instills due diligence in its efforts against the many and varying threats that modern VPN applications tend to face," concluded the auditing firm, praising the access and collaboration grant from the provider during the process. 

As mentioned before, Cure53 performed white-box testing on ExpressVPN's macOS and Linux apps between June and July 2022. These were aimed to check if users' privacy is secured at all times. 

In both cases, auditors could find only a handful of minor vulnerabilities with very little risk for users' data. 

Specifically, the macOS app review revealed only two minor security risks and four possible improvements. Check the full report results here.   

Likewise, the audit of its Linux apps uncovered two security vulnerabilities and three general weaknesses with lower exploitation potential. 

"It needs to be stated clearly that this list of issues is very short, pointing to the overall good outcome of this testing round," wrote Cure53.

At the same time, ExpressVPN developers claimed that these bugs have since then been reviewed.

After asking F-Secure to check the previous app's version, the secure VPN provider decided to call the firm for another review on its latest Windows v12 in March. 

Here, a mix of white-box and grey-box tests couldn't identify any security weaknesses. Only a non-exploitable informational issue was found, but it has already been fixed and retested as solved a month later. Check the final report for more details.

"These audits are a testament to the efforts we put into improving and securing our product, and we’re glad to receive the validation from Cure53 and F-Secure," said ExpressVPN penetration testing manager Brian Schirmacher. 

"We’re committed to delivering audits on our mobile apps soon, and will continue to ensure privacy and security at every touchpoint of our product."

Chiara Castro
News Editor (Tech Software)

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life – wherever cybersecurity, markets, and politics tangle up. She writes news, interviews, and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar and TechRadar Pro. Got a story, tip-off, or something tech-interesting to say? Reach out to chiara.castro@futurenet.com

Read more
Mullvad VPN working on a laptop
Independent auditors confirm Mullvad VPN as secure
NordVPN running on a desktop, mobile devices, Apple TV, a router and a game console
NordVPN reacts to results from its latest security audit
A repeating pattern of pink magnifying glasses on a light blue background
Why do VPN audits matter?
best Secure VPN
Secure VPN providers 2025: safe options for the best security and encryption
A hand holds a smartphone displaying the NordVPN logo
"Privacy isn’t just a buzzword" – independent audit confirms NordVPN doesn't store your data
ExpressVPN Lightway Protocol
ExpressVPN upgrades to post-quantum encryption NIST standards
Latest in VPN Services
ExpressVPN's Lightway Turbo upgrade – promo image
Can fast be faster? ExpressVPN promises it’s possible
AdGuard VPN during TechRadar tests
AdGuard becomes the latest VPN to add post-quantum encryption
ExpressVPN's new Linux app interface
ExpressVPN releases a major upgrade to its Linux app
ExpressVPN apps running on a laptop and mobile during TechRadar's testing
What's new in Lightway 2.0? Here are the 4 biggest changes I'm excited for
A VPN running on a mobile device
A new era for VPN testing? ATMSO publishes the first-ever testing standards in an "important milestone"
Aircove router, smartphone and laptop with ExpressVPN app on screen on a wooden table
ExpressVPN's Aircove becomes the first device equipped with Lightway 2.0 – and the upgrades don't stop there
Latest in News
iOS 18 Control Center
iOS 19: the 3 biggest rumors so far, and what I want to see
Doom: The Dark Ages
Doom: The Dark Ages' director confirms DLC is in the works and says the game won't end the way 2016's Doom begins: 'If we took it all the way to that point, then that would mean that we couldn't tell any more medieval stories'
DVDs in a pile
Warner Bros is replacing some DVDs that ‘rot’ and become unwatchable – but there’s a big catch that undermines the value of physical media
A costumed Matt Murdock smiles at someone off-camera in Netflix's Daredevil TV show
Daredevil: Born Again is Disney+'s biggest series of 2025 so far, but another Marvel TV show has performed even better
Application Security Testing Concept with Digital Magnifying Glass Scanning Applications to Detect Vulnerabilities - AST - Process of Making Apps Resistant to Security Threats - 3D Illustration
Google bug bounty payments hit nearly $12 million in 2024
Nintendo Switch 2
A Nintendo Switch 2 FCC filing confirms Wi-Fi 6 and NFC support for the upcoming console