Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration.
Information
Name: CVE-2025-48066
First vendor Publication: 2025-05-22
Vendor: Cve
Last vendor Modification: 2025-05-30

Security-Database Scoring CVSS v3

Cvss vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Overall CVSS Score: 5.5
Base Score: 5.5
Environmental Score: 5.5
Impact Sub Score: 3.6
Temporal Score: 5.5
Exploitability Sub Score: 1.8

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: High
Availability Impact: None

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score: N/A
Attack Range: N/A
Cvss Impact Score: N/A
Attack Complexity: N/A
Cvss Exploit Score: N/A
Authentication: N/A

Detail

wire-webapp is the web application for the open-source messaging service Wire. A bug fix introduced a regression in the function that deletes local data. Instructing the client to delete its local database on user logout does not result in deletion. This affects both temporary clients (where the device is marked as a public computer on login) and regular clients that request deletion of all personal information and conversations upon logout. Access to the machine is required to access the data. If encryption-at-rest is used, cryptographic material can't be exported. The underlying issue has been fixed in wire-webapp version 2025-05-14-production.0. To mitigate potential impact, the database must be manually deleted on devices where the option "This is a public computer" was used prior to login, or where a logout with the request to delete local data was performed with an affected version.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48066

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-226 Sensitive Information Uncleared Before Release (CWE/SANS Top 25)
50 % CWE-212 Improper Cross-boundary Removal of Sensitive Data

CPE : Common Platform Enumeration

Type Description Count
Application 3

Sources (Detail)

https://github.com/wireapp/wire-webapp/commit/4c0ed5f1e9e0fcfceedf3c29034defc...
https://github.com/wireapp/wire-webapp/security/advisories/GHSA-qc6c-2hh8-qfh8

Alert History

Date Information
2025-05-30 09:20:37
  • Multiple Updates
2025-05-26 21:20:38
  • First insertion