CVE-2025-13524: CWE-404 Improper Resource Shutdown or Release in AWS Wickr
Improper resource release in the call termination process in AWS Wickr before version 6.62.13 on Windows, macOS and Linux may allow a call participant to continue receiving audio input from another user after they close their call window. This issue occurs under certain conditions, which require the affected user to take a particular action within the application. To mitigate this issue, users should upgrade AWS Wickr, Wickr Gov and Wickr Enterprise desktop version to version 6.62.13.
AI Analysis
Technical Summary
CVE-2025-13524 is a vulnerability classified under CWE-404 (Improper Resource Shutdown or Release) affecting AWS Wickr desktop clients on Windows, macOS, and Linux platforms before version 6.62.13. The issue arises during the call termination process where the application fails to properly release audio input resources. Specifically, after a user closes their call window, under certain conditions requiring specific user actions within the application, a call participant may continue to receive audio input from another user. This improper resource release leads to unintended audio data leakage, compromising confidentiality. The vulnerability requires the affected user to have local privileges and perform particular interactions in the app, indicating that exploitation is not fully remote and involves user interaction. The CVSS v3.1 score is 5.7 (medium severity), reflecting network attack vector, low attack complexity, requiring privileges and user interaction, with high confidentiality impact but no integrity or availability impact. No known exploits have been reported in the wild, and AWS has addressed the issue by releasing version 6.62.13 of Wickr, Wickr Gov, and Wickr Enterprise desktop clients. The vulnerability is significant in environments where secure communications and privacy are critical, as it may allow unauthorized audio monitoring after call termination.
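The defect class at the heart of this advisory, CWE-404, is easiest to see in a small model of a call session. The following is an added illustration and is not Wickr's code or a description of its internals: it assumes a hypothetical desktop client whose "close window" handler only updates UI state, so the microphone capture it owns keeps producing frames that the send loop forwards to the remote peer. The hardened variant ties capture release to the window-close path, makes the release idempotent, and performs it in a `finally` block so that a failing hang-up signal cannot leave the microphone open. The `frames_leaked_after_close` helper is the check a reviewer or tester would want: it counts frames that reach the peer after the window has been closed.

```python
"""CWE-404 in a call-teardown path: a constructed model, not AWS Wickr's code."""
from typing import List, Optional


class AudioCapture:
    """Stand-in for a microphone capture handle (constructed for this example)."""

    def __init__(self) -> None:
        self.active = True

    def read_frame(self) -> Optional[bytes]:
        # A live capture yields a frame; a released one yields nothing.
        return b"\x00\x01" if self.active else None

    def release(self) -> None:
        self.active = False


class Peer:
    """Remote call participant; records every audio frame it is sent."""

    def __init__(self, hangup_fails: bool = False) -> None:
        self.received: List[bytes] = []
        self.hung_up = False
        self.hangup_fails = hangup_fails

    def notify_hangup(self) -> None:
        # Simulates a signalling failure during teardown when requested.
        if self.hangup_fails:
            raise ConnectionError("signalling channel down")
        self.hung_up = True


class VulnerableCallSession:
    """Closing the window hides the UI but never releases the capture (CWE-404)."""

    def __init__(self, peer: Peer) -> None:
        self.peer = peer
        self.capture: Optional[AudioCapture] = AudioCapture()
        self.window_open = True

    def close_window(self) -> None:
        self.window_open = False  # UI state only; the microphone stays live

    def pump(self) -> None:
        # The send loop does not consult window state, so frames keep flowing.
        frame = self.capture.read_frame() if self.capture else None
        if frame is not None:
            self.peer.received.append(frame)


class HardenedCallSession(VulnerableCallSession):
    """Window close is a teardown event: capture is released on every path."""

    def close_window(self) -> None:
        self.window_open = False
        self.end_call()

    def end_call(self) -> None:
        if self.capture is None:
            return  # idempotent: a second hang-up is a no-op
        try:
            self.peer.notify_hangup()
        except ConnectionError:
            pass  # a signalling failure must not keep the microphone open
        finally:
            self.capture.release()
            self.capture = None


def frames_leaked_after_close(session_cls, ticks: int = 3,
                              hangup_fails: bool = False) -> int:
    """Count audio frames the peer receives after the local window is closed."""
    peer = Peer(hangup_fails=hangup_fails)
    session = session_cls(peer)
    session.pump()          # one frame while the call is legitimately active
    session.close_window()
    for _ in range(ticks):  # the send loop keeps ticking after close
        session.pump()
    return len(peer.received) - 1


if __name__ == "__main__":
    print("vulnerable leaks", frames_leaked_after_close(VulnerableCallSession), "frames")
    print("hardened leaks", frames_leaked_after_close(HardenedCallSession), "frames")
```

The useful property to test in a real client is the one `frames_leaked_after_close` encodes: after any user action that ends the call from the user's point of view, no further audio may leave the device, regardless of whether signalling to the other side succeeded.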
Potential Impact
For European organizations, this vulnerability poses a confidentiality risk by potentially exposing sensitive audio communications after a call has ostensibly ended. This could lead to unauthorized disclosure of proprietary information, personal data, or strategic discussions, which is particularly concerning under GDPR and other privacy regulations. Organizations in sectors such as government, finance, healthcare, and critical infrastructure that rely on AWS Wickr for secure messaging and calls may face reputational damage and regulatory penalties if audio data leakage occurs. The requirement for user interaction and local privileges somewhat limits the attack surface but does not eliminate risk, especially in insider threat scenarios or compromised endpoints. The lack of integrity and availability impact reduces the risk of system disruption but does not diminish the confidentiality concerns. Prompt patching is essential to maintain compliance and trust in secure communications.
Mitigation Recommendations
European organizations should immediately upgrade all AWS Wickr desktop clients (including Wickr Gov and Wickr Enterprise) to version 6.62.13 or later to remediate this vulnerability. Beyond patching, organizations should enforce strict endpoint security controls to prevent unauthorized local access and monitor user activity for suspicious behavior that might exploit this flaw. User training should emphasize proper call termination procedures and awareness of potential residual audio capture risks. Network segmentation and application whitelisting can reduce exposure. Additionally, organizations should audit and review call logs and access controls to detect any anomalous audio data access. Implementing Data Loss Prevention (DLP) solutions that monitor audio streams may provide an additional layer of defense. Finally, ensure that incident response plans include scenarios involving potential audio data leakage.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Belgium, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: AMZN
- Date Reserved: 2025-11-21T19:40:09.924Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6920c6d9d9b8477547869881
Added to database: 11/21/2025, 8:08:57 PM
Last enriched: 11/21/2025, 8:13:51 PM
Last updated: 11/22/2025, 1:02:42 AM