A novel VPN attack being called TunnelVision is able to force encrypted VPN traffic to route outside of the secure tunnel, potentially allowing a bad actor to intercept communication thought to be encrypted and secure. According to researchers the vulnerability may have existed since as early as 2002. The attack does not appear to effect Linux or Android devices. The attack requires a user to be connected to hostile network, it works by manipulating the DHCP server to override the default routing rules that send VPN traffic through a local IP and instead instructs the victim to route the traffic to the DHCP server itself instead. The attack was discovered by researchers at Leviathan Security who were able to route some or all of the VPN traffic outside of the encrypted tunnel.
More information on the attack and detailed writeup is available below!
https://www.leviathansecurity.com/blog/tunnelvision
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3661