- NordVPN underwent a large-scale security audit.
- Cure53 conducted the audit and found no “critical” defects.
- NordVPN guarantees that all identified issues have already been resolved.
NordVPN has passed its latest and most comprehensive security audit, according to a new report by audit firm Cure53.
TechRadar's top VPN service commissioned the respected German company to conduct an in-depth analysis of its entire ecosystem. After months of testing by a large team of experts, no critical vulnerabilities were discovered in any service.
The review results represent an important vote of confidence in a service that millions of users trust with their digital privacy. “Security is built into everything we build at NordVPN,” says Marijus Briedis, CTO at NordVPN. “We are proud that the review did not identify any critical vulnerabilities and that our teams have already taken steps to further strengthen our internal defenses.”
A deeper and more complete evaluation
The evaluation took place in May, June and October 2025 and was more extensive than in previous years. It combined white-box and gray-box penetration testing, giving nineteen Cure53 core testers full access to NordVPN systems.
The in-depth audit examined virtually every aspect of the service and left nothing to chance. It all started with NordVPN’s suite of apps, covering all major platforms, Android, iOS, Windows, macOS and Linux, as well as browser extensions for Chrome, Edge and Firefox.
From there, the auditors moved on to the core infrastructure, examining the VPN servers, container services, and internal access controls that protect the server environment.
As part of this assessment, authentication systems were also rigorously tested to ensure that NordAccount and its multi-factor authentication (MFA) protections can withstand even the most persistent circumvention attempts.
Key findings and immediate fixes
While no system is perfect, Cure53’s report is extremely positive. Reviewers highlighted several strengths, confirming that NordVPN’s mobile and desktop apps adhere to strict security practices, including secure data storage and robust firewall logic. They also found that the server infrastructure was adequately protected with strong container isolation.
However, the evaluation identified some areas that require special attention. Across both reports, Cure53 identified a total of five serious vulnerabilities. Three of these were found in the applications and related to possible command injection, session management and VPN bypass, while the other two involved privilege escalation paths within the server infrastructure.
Importantly, NordVPN engineers fixed the issues immediately, and Cure53 independently verified that all fixes worked as expected. This quick turnaround is exactly why VPN audits are so important. They allow vendors to find and fix potential vulnerabilities before they can be exploited.
This commitment to continuous improvement is at the heart of NordVPN’s strategy. This latest review follows a series of other independent reports, including a no-log audit by Deloitte that verified the company’s privacy claims.
Briedis concluded: “The work on security never ends and each new evaluation helps us make the service even more secure. The latest test results show that NordVPN applications and systems remain well protected and we will continue to improve them for the benefit of all users who trust our service.”
