CVE-2022-43673: n/a in n/a
Wire through 3.22.3993 on Windows advertises deletion of sent messages; nonetheless, all messages can be retrieved (for a limited period of time) from the AppData\Roaming\Wire\IndexedDB\https_app.wire.com_0.indexeddb.leveldb database.
AI Analysis
Technical Summary
CVE-2022-43673 is a medium-severity vulnerability affecting the Wire desktop client through version 3.22.3993 on Windows platforms. The issue arises from the way the application handles message deletion. Although the client advertises that sent messages are deleted, these messages remain retrievable for a limited time from a local database stored in the user's AppData directory, specifically under AppData\Roaming\Wire\IndexedDB\https_app.wire.com_0.indexeddb.leveldb. This database uses LevelDB, a key-value store, to cache message data. The vulnerability corresponds to CWE-532, which relates to the exposure of sensitive information through unintended data retention. The CVSS 3.1 score is 4.7 (medium), with the vector indicating that the attack requires local access (AV:L), high attack complexity (AC:H), low privileges (PR:L), no user interaction (UI:N), and impacts confidentiality (C:H) but not integrity or availability. Essentially, an attacker or unauthorized user with access to the victim's Windows account could extract supposedly deleted messages from the local storage, violating confidentiality expectations. There is no indication of known exploits in the wild, nor are there published patches or vendor advisories linked to this vulnerability. The issue does not affect the server or network transmission; it is limited to local data remnants on the client device.
Potential Impact
For European organizations using the Wire desktop client on Windows, this vulnerability poses a confidentiality risk. Sensitive communications believed to be deleted could be recovered by malicious insiders, compromised user accounts, or through physical access to devices. This could lead to leakage of proprietary information, personal data, or confidential business communications. Given Wire's positioning as a secure messaging platform, this flaw undermines user trust and compliance with data protection regulations such as GDPR, which mandates proper data handling and deletion. The impact is particularly relevant for sectors handling sensitive data, including finance, healthcare, legal, and government entities. However, since exploitation requires local access and the vulnerability does not affect message integrity or availability, the risk is somewhat contained to scenarios involving compromised endpoints or insider threats rather than remote attackers.
Mitigation Recommendations
To mitigate this vulnerability, organizations should:
1) Restrict physical and local access to devices running Wire clients by enforcing strong endpoint security controls, including full disk encryption, strong user authentication, and session locking.
2) Implement strict user access policies and monitor for unauthorized access to user profiles and local storage directories.
3) Educate users about the risk of residual data and encourage the use of secure deletion tools that can overwrite local databases beyond the application's deletion mechanisms.
4) Regularly audit and clean up local application data directories, possibly via automated scripts or endpoint management tools, to remove residual message data.
5) Monitor Wire client updates and vendor communications for patches addressing this issue and apply them promptly once available.
6) Consider alternative secure messaging solutions if the risk profile is unacceptable and no timely patch is forthcoming.
These steps go beyond generic advice by focusing on endpoint security hygiene, user education, and proactive data management specific to the vulnerability's nature.
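The audit in step 4, sketched as a PowerShell script for endpoint management tooling. This is an added example, not Wire's or the advisory's own code. The `C:\Users` profile root, the `Wire` process name, and the acceptability of removal are assumptions; removal discards everything the client keeps in that database, so test it on a non-production profile first.

```powershell
# Added example: inventory the Wire LevelDB store named in the CVE description
# for every local profile, and optionally remove it. Not vendor code.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$UsersRoot = 'C:\Users',  # assumption: default profile root
    [switch]$Remove                   # assumption: removal is acceptable here
)

# Relative path taken verbatim from the CVE description.
$relPath = 'AppData\Roaming\Wire\IndexedDB\https_app.wire.com_0.indexeddb.leveldb'

# Assumption: the desktop client runs as a process named "Wire".
$wireRunning = [bool](Get-Process -Name 'Wire' -ErrorAction SilentlyContinue)

$report = foreach ($userDir in Get-ChildItem -LiteralPath $UsersRoot -Directory -ErrorAction SilentlyContinue) {
    $store = Join-Path -Path $userDir.FullName -ChildPath $relPath
    if (-not (Test-Path -LiteralPath $store -PathType Container)) { continue }

    # Every file counts: LevelDB keeps superseded records until compaction.
    $files = @(Get-ChildItem -LiteralPath $store -File -Recurse -Force -ErrorAction SilentlyContinue |
               Sort-Object -Property LastWriteTimeUtc)
    [pscustomobject]@{
        User        = $userDir.Name
        Path        = $store
        Files       = $files.Count
        Bytes       = [long]($files | Measure-Object -Property Length -Sum).Sum
        OldestUtc   = if ($files) { $files[0].LastWriteTimeUtc }
        NewestUtc   = if ($files) { $files[-1].LastWriteTimeUtc }
        WireRunning = $wireRunning
    }
}

if ($Remove) {
    foreach ($row in $report) {
        if ($wireRunning) {
            Write-Warning "Wire is running; leaving $($row.Path) in place."
            continue
        }
        # Remove-Item unlinks files without overwriting them; full disk
        # encryption (step 1) protects the freed blocks from offline recovery.
        if ($PSCmdlet.ShouldProcess($row.Path, 'Remove Wire IndexedDB store')) {
            Remove-Item -LiteralPath $row.Path -Recurse -Force
        }
    }
}
$report   # emit objects so the result can be piped to Export-Csv or a log forwarder
```

Run it with `-Remove -WhatIf` first to see which stores would be deleted without touching them.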
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Switzerland, Belgium, Norway, Denmark, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2022-10-24T00:00:00.000Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d983bc4522896dcbee24e
Added to database: 5/21/2025, 9:09:15 AM
Last enriched: 6/25/2025, 6:19:50 AM
Last updated: 7/26/2025, 12:55:36 AM