
CVE-2025-49846: CWE-117: Improper Output Neutralization for Logs in wireapp wire-ios

Medium
Tags: Vulnerability, CVE-2025-49846, CWE-117, CWE-532
Published: Thu Jul 03 2025 (07/03/2025, 16:41:34 UTC)
Source: CVE Database V5
Vendor/Project: wireapp
Product: wire-ios

Description

wire-ios is an iOS client for the Wire secure messaging application. From Wire iOS 3.111.1 to before 3.124.1, messages that were visible in the viewport were logged to the iOS system logs in clear text. Wire application logs created and managed by the application itself were not affected, in particular not the logs users can export and send to Wire support. The iOS logs can only be accessed by someone with (physical) access to the underlying unlocked device. The issue manifested itself by calling canOpenUrl() and passing an invalid URL object. When iOS then performs the check and fails, it logs the contents to the system log. This is not documented behaviour. Wire released an emergency fix with version 3.124.1. As a workaround, users can reset their iOS device to remove the offending logs. Since Wire cannot access or modify iOS system logs, there is no workaround other than a reset.

AI-Powered Analysis

Last updated: 07/03/2025, 17:10:09 UTC

Technical Analysis

CVE-2025-49846 is a medium-severity vulnerability affecting the Wire iOS client application versions from 3.111.1 up to but not including 3.124.1. Wire is a secure messaging platform, and the iOS client is widely used for encrypted communications. The vulnerability arises due to improper output neutralization for logs (CWE-117) combined with sensitive data being logged in clear text (CWE-532). Specifically, messages visible in the viewport of the Wire iOS app were inadvertently logged to the iOS system logs in plaintext. This occurred when the app called the iOS API canOpenUrl() with an invalid URL object, causing iOS to log the URL contents to the system log. This logging behavior is undocumented by Apple. Importantly, the Wire app’s own logs, including those exportable to support, were not affected. The sensitive data exposure is limited to the iOS system logs, which can only be accessed if an attacker has physical access to an unlocked device. Wire addressed this issue with an emergency patch in version 3.124.1. The only workaround prior to patching is to reset the iOS device to clear the system logs, as Wire cannot modify or delete iOS system logs. The CVSS 4.0 vector indicates local attack vector, low attack complexity, partial privileges required, partial user interaction, and high impact on confidentiality but no impact on integrity or availability. There are no known exploits in the wild at this time.
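As an illustration of the pattern the description and the analysis above attribute to this bug, here is added example code (not Wire's source; the helper names are hypothetical) showing a link check that hands viewed message text straight to the `canOpenURL(_:)` API the description calls canOpenUrl(), next to a version that validates the candidate first so only a well-formed http(s) URL ever reaches the OS, and a logging helper that records the decision without the message content:

```swift
import UIKit

// Hypothetical helpers (not Wire's code) modelled on the CVE description:
// the bug pattern is calling canOpenURL(_:) with a URL built from whatever
// text a message contained. When the check fails, iOS writes the argument
// to the system log, which the app can neither read back nor clear.

/// Vulnerable pattern: raw message text goes straight to the OS check.
func looksLikeOpenableLinkVulnerable(_ messageText: String) -> Bool {
    // Anything URL(string:) accepts reaches canOpenURL(_:); per the CVE
    // that can include message content, which then lands in the system log.
    guard let url = URL(string: messageText) else { return false }
    return UIApplication.shared.canOpenURL(url)
}

/// Hardened pattern: parse with URLComponents and only pass an absolute
/// http(s) URL with a non-empty host. Any other text is rejected locally,
/// so message content never becomes an argument to the OS API.
func looksLikeOpenableLinkHardened(_ messageText: String) -> Bool {
    guard let components = URLComponents(string: messageText),
          let scheme = components.scheme?.lowercased(),
          scheme == "http" || scheme == "https",
          let host = components.host, !host.isEmpty,
          let url = components.url
    else { return false }
    return UIApplication.shared.canOpenURL(url)
}

/// Log-neutralisation rule for the app's own logs (CWE-117/CWE-532):
/// record only the scheme and the decision, never the candidate text.
func linkCheckAuditLine(_ messageText: String) -> String {
    let scheme = URLComponents(string: messageText)?.scheme?.lowercased() ?? "none"
    let openable = looksLikeOpenableLinkHardened(messageText)
    return "link-check scheme=\(scheme) openable=\(openable)"
}
```

The hardened variant cannot stop iOS from logging a failed check, which is why the advisory's only cleanup is a device reset; it simply ensures the check is never called with message text in the first place.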

Potential Impact

For European organizations using Wire iOS clients, this vulnerability poses a risk of sensitive message exposure if an attacker gains physical access to an unlocked device. This could lead to confidentiality breaches of sensitive communications, potentially exposing personal data, corporate secrets, or other confidential information. The impact is mitigated by the requirement for physical access and an unlocked device, limiting remote exploitation. However, in environments where devices are shared, lost, or stolen, this vulnerability could facilitate insider threats or opportunistic data theft. Given Wire’s use in privacy-conscious sectors, including legal, healthcare, and corporate communications, the exposure of message content—even temporarily—could have regulatory and reputational consequences under GDPR and other data protection laws. The vulnerability does not affect message integrity or availability, and no remote exploitation is possible, limiting the scope of impact primarily to confidentiality on compromised devices.

Mitigation Recommendations

European organizations should immediately update all Wire iOS clients to version 3.124.1 or later to remediate this vulnerability. Until updates are deployed, organizations should enforce strict physical security controls over iOS devices, including mandatory device locking with strong passcodes or biometric authentication to prevent unauthorized access. Device management solutions should be used to monitor and restrict physical access risks. Users should be instructed to reset their iOS devices to clear existing system logs if they suspect exposure. Additionally, organizations should review their incident response and data protection policies to address potential data exposure from lost or stolen devices. Regular audits of device security posture and user training on physical security best practices are recommended. Since Wire cannot control iOS system logs, reliance on OS-level security is critical. Finally, organizations should monitor for any updates from Apple regarding logging behavior and consider reporting any suspicious device access attempts.


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-06-11T14:33:57.800Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6866b5c76f40f0eb72995dad

Added to database: 7/3/2025, 4:54:31 PM

Last enriched: 7/3/2025, 5:10:09 PM

Last updated: 7/3/2025, 7:24:31 PM

