Wire Webapp Local Database Deletion Failure on Logout Vulnerability

Vulnerability

A regression in the Wire Webapp causes the local database deletion process to fail during user logout. This affects both temporary clients, which mark the device as public, and regular clients that request the deletion of personal information and conversations upon logout. Retrieving the leftover data requires access to the machine. If encryption-at-rest is enabled, cryptographic material cannot be exported.

Impact

The vulnerability prevents the proper deletion of local data upon logout, leading to residual data remaining on the device. This issue could be exploited to access personal information and conversations that were intended to be deleted.

Remediation

Users can manually delete the database on devices that were marked as public computers prior to login, or on which a logout request to delete local data was made. The issue has been fixed in Wire Webapp version 2025-05-14-production.0.
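
One way to carry out and verify the manual deletion from the browser's developer console, given as an added example that is not Wire's own code. It assumes the webapp keeps its local data in IndexedDB under its own origin (the advisory does not name the storage mechanism); `purgeLocalDatabases`, `deleteOne` and the `shouldDelete` filter are hypothetical names.

```javascript
// Added example: enumerate and delete leftover IndexedDB databases for the
// current origin, then re-check that they are gone.
// Assumption: the local data lives in IndexedDB (not stated in the advisory).

// Wrap one IDBFactory.deleteDatabase() request in a promise.
function deleteOne(factory, name) {
  return new Promise((resolve) => {
    const req = factory.deleteDatabase(name);
    req.onsuccess = () => resolve({ name, status: 'deleted' });
    req.onerror = () => resolve({ name, status: 'failed' });
    // Fired while another tab or window still holds the database open.
    req.onblocked = () => resolve({ name, status: 'blocked' });
  });
}

// factory: an IDBFactory (window.indexedDB in a browser).
// shouldDelete: hypothetical filter on the database name; default is all.
async function purgeLocalDatabases(factory, shouldDelete = () => true) {
  const before = (await factory.databases()).map((db) => db.name);
  const targets = before.filter((name) => shouldDelete(name));
  const results = [];
  for (const name of targets) {
    results.push(await deleteOne(factory, name));
  }
  // Re-enumerate: anything still listed was not actually removed.
  const after = (await factory.databases()).map((db) => db.name);
  const remaining = targets.filter((name) => after.includes(name));
  return { results, remaining, clean: remaining.length === 0 };
}

// In a browser console on the webapp's origin, after logging out:
if (typeof indexedDB !== 'undefined') {
  purgeLocalDatabases(indexedDB).then((report) => {
    console.table(report.results);
    console.log('Databases still present:', report.remaining);
  });
}
```

A `blocked` status means another tab of the same origin still has the database open; close it and run the check again until `remaining` is empty.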

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

Spread: 0.0
Impact: 2.5
Exploitability: 3.7
Remediation: 7.9
Relevance: 0.0
Threat: 3.2
Urgency: 2.9
Incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.