CVE-2025-13524

MEDIUM6.8

Improper resource release in the call termination process in AWS Wickr before version 6

Published Nov 21, 2025

Modified 1 months ago

No fix available

Details

Improper resource release in the call termination process in AWS Wickr before version 6.62.13 on Windows, macOS and Linux may allow a call participant to continue receiving audio input from another user after they close their call window. This issue occurs under certain conditions, which require the affected user to take a particular action within the application

To mitigate this issue, users should upgrade AWS Wickr, Wickr Gov and Wickr Enterprise desktop version to version 6.62.13.

References

ADVISORYhttps://aws.amazon.com/security/security-bulletins/AWS-2025-029/WEBhttps://docs.aws.amazon.com/wickr/latest/enterpriseadminguide/clients-release-notes-6.62.html ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2025-13524

CVSS Analysis

CVSS v4.0

6.8

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Attack Requirements

NoneAT:N

Privileges Required

LowPR:L

User Interaction

ActiveUI:A

Vulnerable System

Vuln. Confidentiality

HighVC:H

Vuln. Integrity

NoneVI:N

Vuln. Availability

NoneVA:N

Subsequent System

Subseq. Confidentiality

NoneSC:N

Subseq. Integrity

NoneSI:N

Subseq. Availability

NoneSA:N

6.8/CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Weakness Type (CWE)

Resource Management

CWE-404

Improper Resource Shutdown

Ecosystems

Timeline

PublishedNov 21, 2025

ModifiedNov 21, 2025

CVE-2025-13524 | Mondoo Vulnerability Intelligence