CVE-2025-13524
5.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Summary
Improper resource release in the call termination process in AWS Wickr before version 6.62.13 on Windows, macOS and Linux may allow a call participant to continue receiving audio input from another user after they close their call window. This issue occurs under certain conditions, which require the affected user to take a particular action within the application
To mitigate this issue, users should upgrade AWS Wickr, Wickr Gov and Wickr Enterprise desktop version to version 6.62.13.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AWS | Wickr | 6.62.13 | unaffected |
| AWS | Wickr Gov | 6.62.13 | unaffected |
| AWS | Wickr Enterprise | 6.62.13 | unaffected |
Weaknesses
- CWE-404: CWE-404 Improper Resource Shutdown or Release
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://aws.amazon.com/security/security-bulletins/AWS-2025-029/
- https://docs.aws.amazon.com/wickr/latest/enterpriseadminguide/clients-release-notes-6.62.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.