Subj : Another audit, same result - Mullvad proven secure and log-free i
To   : All
From : TechnologyDaily
Date : Wed Oct 29 2025 16:45:08

Another audit, same result - Mullvad proven secure and log-free in latest 
audit check

Date:
Wed, 29 Oct 2025 16:38:05 +0000

Description:
No critical flaws have been found across key areas of the provider yet again

FULL STORY
======================================================================An 
independent audit found zero critical, high, or medium-severity issues Only a 
low-severity issue surfaced and was fixed immediately This reinforces 
Mullvads no-logs policy, confirming user data stays private 

Mullvad, one of the best VPN services for online privacy, has once again 
opened its doors to independent scrutiny. 

In August 2025, Swedish security consultancy Assured Security Consultants 
completed a comprehensive penetration test of Mullvads web application. The 
findings, published in a detailed report and highlighted in Mullvads recent 
blog post , reinforce the services long-standing claim that it never logs 
user data. 

The audit covered every public-facing component of Mullvads online presence, 
including the website, the Tor-only Onion service, the rsync setup, and the 
internal content management system (CMS). Each of these elements was examined 
for common attack vectors, misconfigurations, or any signs of hidden data 
collection. 

While the bulk of the assessment came back clean, the auditors identified a 
single low-severity input-validation issue. Mullvad responded immediately 
with a follow-up verification in late September, confirming that the fix was 
effective. Below, we break down the specific components that were examined. 
An independent security audit of our web app has just been completed by 
Assured. The assessment found no critical, high, or medium-severity issues. 
Read more here: https://t.co/E42w6JQvRg October 23, 2025 Report praises 
Mullvads good security practices 

Assured's penetration test began with a thorough examination of the public 
web interface, probing for classic web-application flaws such as SQL 
injection, cross-site scripting, and authentication bypass. None of these 
high-impact vulnerabilities were discovered, indicating that the codebase and 
deployment pipelines are well-hardened. 

The Tor-only Onion service was found to be completely isolated from the 
broader internet, preserving the anonymity of users who choose to connect 
through Tor. This segregation prevents any correlation between Onion traffic 
and ordinary web traffic, reinforcing Mullvads privacy guarantees. 

The rsync system, which keeps content consistent across servers, showed no 
exploitable weaknesses. Proper authentication and integrity checks were in 
place, ensuring that only authorized changes could be applied to synchronized 
files. 

The internal CMS used by Mullvad staff received particular commendation. Its 
separated from both the public internet and Mullvads own VPN network , 
meaning that only authorized internal machines can reach it. This strict 
network segmentation reduces the attack surface and safeguards the publishing 
workflow from external intrusion. 

One low-severity input-validation issue was found. Certain form fields lacked 
explicit length limits, which could have allowed unusually large inputs to 
consume excessive resources or expose raw error messages. Mullvad patched 
this problem promptly, with Assureds report confirming it was fixed according 
to our recommendations. 

The report concludes that Mullvad has good security practices, which include 
regular code reviews and timely patch deployment. Why this matters for 
Mullvad users 

Mullvads privacy claims have survived not only technical audits but 
real-world legal pressure. In early 2024, Swedish police executed a search 
warrant on Mullvads Gothenburg office, hoping to uncover subscriber data. The 
raid produced nothing because Mullvad doesnt retain IP addresses, traffic 
logs, or connection timestamps, further proving Mullvads no-logs policy. 

Independent security audits have repeatedly validated Mullvads technical 
safeguards. Indeed, Mullvad put its VPN apps under scrutiny in late 2024 as 
auditors carried out penetration tests and source-code audits, concluding 
that Mullvad apps have a high security level. 

Assureds audit of Mullvads web platform uncovered no critical, high, or 
medium-severity issues. Together, these independent examinations create a 
layered record that Mullvads privacy promises withstand both legal pressure 
and technical scrutiny. 

Mullvad users can therefore trust that their online activity remains 
invisible, making Mullvad one of the most dependable choices for anyone who 
values their online privacy. 

 Follow TechRadar on Google News and add us as a preferred source to get our 
expert news, reviews, and opinion in your feeds. Make sure to click the 
Follow button!



======================================================================
Link to news story:
https://www.techradar.com/vpn/vpn-services/another-audit-same-result-mullvad-p
roven-secure-and-log-free-in-latest-audit-check


--- Mystic BBS v1.12 A49 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.