Cyberattacks are common these days, and one of the first preventive measures on just about anyone’s list is using a VPN. However, as secure as they are, VPNs aren’t perfect and do tend to run into issues from time to time.

Disconnections and service issues aside, a much larger threat is looming on VPNs at the moment: TunnelVision VPN attacks. But what are they? And are they that big of an issue?

wifi router with person in the background

What Are TunnelVision VPN Attacks?

TunnelVision attacks revolve around several network routing techniques that allow attackers to bypass VPN protection under specific circumstances. However, the TunnelVision VPN attack isn’t exactly novel. The underlying technique here has been a possibility for over two decades, and the fact that it has finally evolved into a full-blown attack is what’s sending the industry into panic.

So, what underlying technique has always been there?

lan switch in server room

Security researchers from Leviathan Security first disclosed the vulnerability in aresearch paper released on July 16, 2025. The specific issue raised by the researchers comes from DHCP (Dynamic Host Configuration Protocol), a feature found in almost every router in use today. Generally speaking, DHCP is used to automatically configure a device to connect to a network and, eventually, the internet.

A part of this configuration also relies on your device knowing exactly where to send traffic so that it can reach the Internet. However, a lesser-known DHCP feature, Option 121, allows setting alternative routes for specific destinations. Any device supporting Option 121 can be set up with additional gateways that divert traffic that would otherwise follow the default path.

This is where TunnelVision comes into play. Using Option 121, an attacker can potentially set a specific route from a router that a device on a network needs to follow to communicate with the internet, potentially causing VPN leaks. Considering aVPN is supposed to protect your privacy by tunneling your data, that’s a big concern.

To put it simply, if you’re connected to a network you don’t control, such as an airport or hotel’s Wi-Fi network, and if specific conditions are met, an attacker can compromise the router and reroute the internet traffic from your device to flow outside the network tunnel your VPN has created.

Are TunnelVision VPN Attacks as Dangerous as They Seem?

While TunnelVision attacks affect all VPN providers and networks that support Option 121, the impact of the attack technique varies greatly depending on your device, operating system, and VPN in use. Additionally, as mentioned before, a specific sequence of conditions (such as an attacker compromising the network’s router) must be met before anyone can be affected by the vulnerability.

Leviathan’s description of the vulnerability has a few issues. TunnelVision reroutes your internet traffic; it doesn’t “decloak” it. The attack does reveal the TLS headers involved with the traffic, but as long as you’re using a good VPN, the contents of your data packets are still encrypted, as that step is done before the data leaves your device and enters the network.

If anything, TunnelVision highlights the need to avoid VPNs that haven’t proven themselves. Yes, the information gathered from a TunnelVision attack can be used as part of a wider attack to identify you on the internet, and it’s a problem if executed properly. However, it would take a significant amount of data to do that, and any competent VPN’s kill switch will likely save you before that happens.

How Can You Protect Yourself?

Other than common sense and following cybersecurity practices that are already recommended, you don’t need to do a lot. However, if you’re using a less-proven VPN provider for whatever reason, it’s time to switch. We’ve already got acomprehensive list of VPNs for every use caseyou can refer to.

As long as an attacker hasn’t compromised the router behind the network you’re connecting to, you’re safe from TunnelVision attacks. Even then, if your VPN’s kill switch is on, chances are you’re still protected. You’re also protected if you’re using your cellular data or phone hotspot to connect to the internet on your laptop.

In practice, many factors need to come together for a successful TunnelVision attack, and even then, chances are the data collected wouldn’t be of much use to the attacker. So get a good VPN, enable the kill switch, don’t connect to random public Wi-Fi networks, and you’re pretty much protected from TunnelVision.