There needs to be extra evidence before claiming that "virtually all VPNs apps" are vulnerable. From my understanding, they tested WireGuard on multiple platforms. However, other VPN clients may install extra firewall rules, I've seen that happen with VPNs on Windows/macOS/Linux.
Looks like many VPNs allow access to the local network. And you can assign public IP ranges to the local network which.. is enough to make clients leak traffic to those IP addresses.