A vulnerability in the report is behind a VPN. Does this resolve the issue?

Putting an instance with a vulnerability behind a VPN is a way of resolving most issues. Even when behind a VPN, it is advisable that you should upgrade any outdated services.

However, KYND scans are external only, so if we have picked up this vulnerability, it likely means that the VPN you are using is either not working, or the service / network configuration is misconfigured.

We would recommend you look into how your VPN is configured and that it is working as you expected.