This requires an attacker to first get MitM, which is a pretty high bar:
“The first pair of bugs can be exploited in a LocalNet attack, i.e., when a user connects to an Wi-Fi or Ethernet network set up by an attacker. The latter pair can be leveraged in a ServerIP attack, either by attackers that are running an untrusted Wi-Fi/Ethernet network or by malicious internet service providers (ISPs).”
I mean, a VPN is kinda meant for untrusted networks.
The linked paper in the article is quite detailed, and describes the first step.
Essentially, most VPNs are configured by default to allow local network access (so, internet traffic goes through the VPN, but you don’t need to disconnect from the VPN to use your printer).
The attack requires the rogue network to assign IP addresses in the range of the targeted server. So if they know the server you are trying to access, they can make your local network contain the target servers IP. At which point, the VPN client will treat it as local traffic, and try to reach it through the local rogue network.
VPN clients can be configured around this.
It’s also always worth making sure a network that you don’t know is serving rfc1918 addresses.
On my home computers I have “expose local network” on, but on mobile I have it off.