Audio Input Leak in AWS Wickr Across Multiple Platforms
CVE-2025-13524

6.8MEDIUM

Key Information:

Vendor: Aws
Status: Wickr; Wickr Gov; Wickr Enterprise
Vendor: CVE Published:; 21 November 2025

What is CVE-2025-13524?

An improper resource release vulnerability in the call termination process of AWS Wickr may expose private audio communication. When a user closes their call window under specific conditions, they might still receive audio input from other participants. This vulnerability affects multiple platforms including Windows, macOS, and Linux, necessitating an upgrade to version 6.62.13 or later to mitigate risks.

Affected Version(s)

Wickr Enterprise Windows 6.62.13

Wickr Gov Windows 6.62.13

Wickr Windows 6.62.13

References

https://aws.amazon.com/security/security-bulletins/AWS-20...

vendor-advisory

https://docs.aws.amazon.com/wickr/latest/enterpriseadming...

release-notes

CVSS V4

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2025
Vulnerability Reserved
Nov 21, 2025

JSON

Aws

What is CVE-2025-13524?

Affected Version(s)

References

CVSS V4

Timeline