by jjbiotech 4131 days ago
Vulnerability doesn't seem like the correct word to describe this issue. It's more of an exposure of potentially sensitive information (your local IP address if you're using a VPN) as a result of WebRTC's protocol design.

I haven't thought about it enough, but I suspect it's more of a problem on the VPN side; IP addresses were never intended to be private or sensitive. My suspicion is that this is another case of NAT being the reason we can't have nice things.
I agree. For the vast majority of use cases, this doesn't seem to be an exceptionally big issue. Almost all major websites collect IP addresses and don't explicitly prompt the user that this is happening. It seems the OP is really highlighting the edge case for users who want quasi-absolute security.
Knowing the LAN IP behind any NAT is useful for silently launching behind-the-firewall cross-site attacks against the router web admin interface (or any other local services) via a browser, without having to blindly guess addresses. Someone posted a POC LAN scanner elsewhere in a thread here, too.
How many guesses would you need for a typical NAT gateway's LAN-side IP?

I'd say two.