ExpressVPN’s Lightway Goes Through Yet Another Independent Audit by Cure53

Published on March 8, 2023
Written by:
Novak Bozovic
Novak Bozovic
Tech & VPN Content Specialist

Independent audits have become commonplace in today’s VPN industry, providing perhaps the best way for VPNs to prove their marketing claims. ExpressVPN is not an exception, agreeing to be audited in several ways during the last year alone.

Just recently, ExpressVPN’s apps for Windows, macOS, and Linux were audited through a series of individual assessments. Before that, ExpressVPN’s privacy protections were tested by two of the most respectable cyber-security companies. And now, the VPN’s Lightway protocol got the same treatment, with the VPN company hiring Cure53 to check the protocol’s source code.

The Lightway audit focused on source-code-assisted penetration tests against Lightway server and client components, shared libraries, and the protocol’s high-performance TUN driver. What’s also interesting to note is that Cure53 had already checked all those Lightway components in the past (in 2021), so this was an opportunity for ExpressVPN to show its commitment to privacy and safety in the long term.

The results of the audit were highly positive. Cure53 identified only a handful of issues, all remedied by ExpressVPN’s team. The cyber-sec company identified 5 low-risk vulnerabilities and made 4 additional (informative) observations. The initial check was done in November 2021, and a re-test was done in February 2023.  

It’s also important to note that no medium, high, or critical issues were found. That means the Lightway protocol, which evolves rapidly, is a viable alternative to older and more established protocols, such as OpenVPN. Also, based on our own tests, the Lightway protocol is extremely fast and great for unblocking online content. Since it’s available across all ExpressVPN apps, we highly recommend using it for your day-to-day online activities.

As concluded by Cure53 in their report: “Drawing on the combination of factors, namely the comprehensive coverage, low number of findings, and an absence of high-impact problems, it can be concluded that this Cure53 assessment of the ExpressVPN Lightway components concludes with a positive result.”

If you’d like to learn more about ExpressVPN’s previous audits, newly released features, and other freshly available refinements, check our summary of what’s new in ExpressVPN.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: