Uh, I might be wrong here, but isn’t the whole purpose of split tunneling to allow you to send only necessary traffic through a given tunnel? Then the rest of your traffic goes whatever the default path is?
This seems more like a feature than a CVE. Maybe I’m missing something.
so it would be like you say I want Firefox to go thru the tunnel, you would want the DNS requests made from it to go thru as well, in this case they weren't tunneled and were just going to the normal dns server
There are a lot of different things, I suggest to look it up for the accurate details. However the most sketchy thing is that it's owned by Kape Technologies, previously known Crossrider something.. Who helped distribute malware through their frameworks. On top of that, one of the employees have had connections to the UAE, and got caught, but still works there...???
That's just the gist, and it's some crazy stuff... Any VPN owned by Kape Technologies you should stay far away from.