NordVPN has proved its security credentials following an independent security audit by cybersecurity auditing firm Cure53.
The team conducted a penetration test and source code review of NordVPN applications, browser extensions, and features between June and August 2024.
Leading security credentials is one of the reasons NordVPN is classed as our best VPN, and Cure53's recommendations were immediately addressed, strengthening the security of NordVPN.
Audit details
Cure53's assessment included penetration testing and a source code review of NordVPN's desktop applications (Windows, macOS, and Linux), mobile apps (iOS and Android), browser extensions (Chrome, Edge, and Firefox), and features including Threat Protection Pro and Meshnet.
A total of 31 findings were discovered. 22 were classified as security vulnerabilities and nine were categorized as general weaknesses, with lower exploitation potential. Due to the broad scope of Cure53's examination, a higher number of issues were expected but no critical vulnerabilities were found.
Several "high" severity vulnerabilities were discovered and Cure53 recommended their resolutions were prioritized. To safeguard the integrity of services and features and protect users from emerging threats and vulnerabilities, Cure53 recommended regular security assessments.
As soon as the assessment was complete and findings reported, NordVPN addressed the findings and strengthened the security of its service. Several high level vulnerabilities were carefully addressed and fixed. Remaining issues were resolved where possible and negative effects on user experience were avoided.
Cure53 noted that once the issues had been addressed, NordVPN will reach a sufficiently secure state. The use of libraries including NGHTTP2, OpenSSL, and Boost was commended by Cure53. They are known for stability and security and contribute to NordVPN's overall security.
"Security is at the core of everything we do at NordVPN. Independent assessments like this allow us to continuously refine our technology and stay ahead of emerging threats," said Marijus Briedis, CTO of NordVPN.
"The findings from Cure53 reinforced our strong security foundation, and our team swiftly implemented all necessary improvements to ensure the highest level of protection for our users."
As well as proving its security, NordVPN has recently proven its privacy claims. An independent audit of its IT systems, supporting infrastructure, and no-logs policy was commissioned at the end of 2024 – with its no-logs policy verified for a fifth time.
"Our work towards improving security is never finished, and we will keep moving forward," added Briedis. "The latest Cure53 assessment confirms that NordVPN apps are built on a strong foundation with no critical risks. We are proud of the results and will keep making NordVPN one of the most secure VPN services available to everyone."
Cure53's full report is available via the user control panel on NordVPN's website or by following this link.
Disclaimer
We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
