Mullvad's Latest Security Audit Confirms Robust Privacy Protections

Mullvad VPN has recently undergone a comprehensive security audit conducted by X41 D-Sec GmbH, focusing on its account and payment services. The audit, completed in late 2025, aimed to assess the robustness and integrity of these critical backend systems. The findings indicate that Mullvad's infrastructure maintains a high level of security, with no critical flaws identified. The auditors reported five security-relevant issues: three medium-severity and two low-severity. Notably, none of these issues compromised user data or undermined Mullvad's privacy guarantees. The most significant finding was a race condition in voucher handling, which could potentially allow a voucher to be redeemed more than once under specific circumstances. However, this issue was limited to billing processes and did not expose any personal information. Mullvad has addressed this concern by implementing improved internal authentication mechanisms and simplifying configurations to enhance system security. This audit underscores Mullvad's commitment to transparency and proactive security practices, building upon previous audits that have consistently reported robust security with only minor issues promptly addressed. For users, these results reinforce Mullvad's reputation as a privacy-first VPN provider that not only promises strong data protections but also substantiates those promises through meaningful third-party evaluations. (mullvad.net)