How CVE-2025-48066 Works
The vulnerability in wire-webapp stems from a regression in which the local database deletion function fails during user logout. When a user selects “This is a public computer” or requests data deletion, the client should purge local conversations and personal information. Because of the flawed implementation, the data persists on disk instead. Attackers with physical access to the device could extract sensitive chat histories if encryption-at-rest isn’t enabled. The issue originates from improper cleanup routines in the logout workflow, where database transaction commits occur before deletion commands.
DailyCVE Form
Platform: Wire-Webapp
Version: <2025-05-14-production.0
Vulnerability: Persistent local data
Severity: Medium
Date: 2025-05-22
Prediction: Patch available (2025-05-14)
What Undercode Say:
Analytics:
- Impact Score: 5.3 (Local attack vector)
- Exploitability: Requires physical access
- Affected Components: `logout.js`, `dbCleaner.js`
Exploit Commands:
```bash
sqlite3 ~/.wire/database.db "SELECT * FROM messages"  # If encryption disabled
strings /var/lib/wire/localstore/*.bin  # Binary data leakage
```
Protection Code:
```javascript
// Manual cleanup workaround
const fs = require('fs');
fs.rmSync('/path/to/wire/data', { recursive: true, force: true });
```
Mitigation Steps:
1. Upgrade to wire-webapp ≥2025-05-14-production.0
2. Enable encryption-at-rest in config:
```json
{
  "encryption": {
    "atRest": true,
    "keyDerivationIterations": 100000
  }
}
```
Detection Script:
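```python
import os

def check_wire_vulnerable():
    # Vulnerable if Wire is installed and its version string sorts before the fix date
    if not os.path.exists('/opt/Wire/bin/wire'):
        return False
    with open('/opt/Wire/version') as f:
        return f.read().strip() < '2025-05-14'
```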
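An added example (not from the advisory or the Wire project): it compares a release tag against the fixed release named above by parsed date and build number rather than by raw string order, and reports tags it cannot parse as unknown instead of safe. The tag grammar is an assumption inferred from the single tag shown on this page, channels are assumed to be comparable by date, and `parse_tag` and `is_affected` are hypothetical names.

```python
import re
from datetime import date

# Fixed release named on this page.
FIXED_TAG = "2025-05-14-production.0"

# Assumed tag grammar, inferred from the one tag on the page:
# YYYY-MM-DD-<channel>.<build>
_TAG_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})-([a-z]+)\.(\d+)$")


def parse_tag(tag):
    """Return (release_date, build) for a release tag, or None if malformed."""
    m = _TAG_RE.match(tag.strip())
    if not m:
        return None
    year, month, day, _channel, build = m.groups()
    try:
        return date(int(year), int(month), int(day)), int(build)
    except ValueError:  # impossible calendar date, e.g. month 13
        return None


def is_affected(tag, fixed=FIXED_TAG):
    """True or False when the tag parses, None when it cannot be judged."""
    current, patched = parse_tag(tag), parse_tag(fixed)
    if current is None or patched is None:
        return None  # unknown: flag for manual review, do not assume safe
    return current < patched


if __name__ == "__main__":
    # Constructed sample inventory, not real deployment data.
    samples = ["2025-04-29-production.0", "2025-05-14-production.0",
               "2025-05-14-production.1", "2025-5-2-production.0", ""]
    for sample in samples:
        print(repr(sample), "->", is_affected(sample))
```

The unpadded tag `2025-5-2-production.0` sorts after `2025-05-14` as a plain string, so a lexicographic check would report it as patched; here it is returned as unknown.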
Sources:
Reported By: nvd.nist.gov