{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-48061", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-05-15T16:06:40.941Z", "datePublished": "2025-05-22T17:04:42.918Z", "dateUpdated": "2025-05-22T17:32:16.333Z"}, "containers": {"cna": {"title": "wire-webapp Has Insufficient Session Invalidation after User Logout", "problemTypes": [{"descriptions": [{"cweId": "CWE-613", "lang": "en", "description": "CWE-613: Insufficient Session Expiration", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/wireapp/wire-webapp/security/advisories/GHSA-7r6m-qjwm-w44q", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/wireapp/wire-webapp/security/advisories/GHSA-7r6m-qjwm-w44q"}], "affected": [{"vendor": "wireapp", "product": "wire-webapp", "versions": [{"version": "< 2025-05-20-production.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-05-22T17:19:44.339Z"}, "descriptions": [{"lang": "en", "value": "wire-webapp is the web application for the open-source messaging service Wire. A change caused a regression resulting in sessions not being properly invalidated. A user that logged out of the Wire webapp, could have been automatically logged in again after re-opening the application. This does not happen when the user is logged in as a temporary user by selecting \"This is a public computer\" during login or the user selects \"Delete all your personal information and conversations on this device\" upon logout. The underlying issue has been fixed with wire-webapp version 2025-05-20-production.0. As a workaround, this behavior can be prevented by either deleting all information upon logout as well as logging in as a temporary client."}], "source": {"advisory": "GHSA-7r6m-qjwm-w44q", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-22T17:23:08.632285Z", "id": "CVE-2025-48061", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-22T17:32:16.333Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-48061", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-22T17:23:08.632285Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-22T17:23:25.736Z"}}], "cna": {"title": "wire-webapp Has Insufficient Session Invalidation after User Logout", "source": {"advisory": "GHSA-7r6m-qjwm-w44q", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "wireapp", "product": "wire-webapp", "versions": [{"status": "affected", "version": "< 2025-05-20-production.0"}]}], "references": [{"url": "https://github.com/wireapp/wire-webapp/security/advisories/GHSA-7r6m-qjwm-w44q", "name": "https://github.com/wireapp/wire-webapp/security/advisories/GHSA-7r6m-qjwm-w44q", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "wire-webapp is the web application for the open-source messaging service Wire. A change caused a regression resulting in sessions not being properly invalidated. A user that logged out of the Wire webapp, could have been automatically logged in again after re-opening the application. This does not happen when the user is logged in as a temporary user by selecting \"This is a public computer\" during login or the user selects \"Delete all your personal information and conversations on this device\" upon logout. The underlying issue has been fixed with wire-webapp version 2025-05-20-production.0. As a workaround, this behavior can be prevented by either deleting all information upon logout as well as logging in as a temporary client."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-613", "description": "CWE-613: Insufficient Session Expiration"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-05-22T17:19:44.339Z"}}}, "cveMetadata": {"cveId": "CVE-2025-48061", "state": "PUBLISHED", "dateUpdated": "2025-05-22T17:32:16.333Z", "dateReserved": "2025-05-15T16:06:40.941Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-05-22T17:04:42.918Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "wire-webapp is the web application for the open-source messaging service Wire. A change caused a regression resulting in sessions not being properly invalidated. A user that logged out of the Wire webapp, could have been automatically logged in again after re-opening the application. This does not happen when the user is logged in as a temporary user by selecting \"This is a public computer\" during login or the user selects \"Delete all your personal information and conversations on this device\" upon logout. The underlying issue has been fixed with wire-webapp version 2025-05-20-production.0. As a workaround, this behavior can be prevented by either deleting all information upon logout as well as logging in as a temporary client."}, {"lang": "es", "value": "wire-webapp es la aplicaci\u00f3n web para el servicio de mensajer\u00eda de c\u00f3digo abierto Wire. Un cambio provoc\u00f3 una regresi\u00f3n que impidi\u00f3 que las sesiones se invalidaran correctamente. Un usuario que cerraba sesi\u00f3n en la aplicaci\u00f3n web de Wire podr\u00eda haber vuelto a iniciar sesi\u00f3n autom\u00e1ticamente al reabrirla. Esto no ocurre cuando el usuario inicia sesi\u00f3n como usuario temporal seleccionando \"Este es un equipo p\u00fablico\" al iniciar sesi\u00f3n o seleccionando \"Eliminar toda su informaci\u00f3n personal y conversaciones en este dispositivo\" al cerrar sesi\u00f3n. El problema subyacente se ha solucionado con la versi\u00f3n 2025-05-20-production.0 de wire-webapp. Como workaround, este comportamiento se puede evitar eliminando toda la informaci\u00f3n al cerrar sesi\u00f3n o iniciando sesi\u00f3n como cliente temporal."}], "id": "CVE-2025-48061", "lastModified": "2025-05-23T15:55:02.040", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.3, "impactScore": 5.2, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-05-22T17:15:25.033", "references": [{"source": "[email protected]", "url": "https://github.com/wireapp/wire-webapp/security/advisories/GHSA-7r6m-qjwm-w44q"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-613"}], "source": "[email protected]", "type": "Secondary"}]}

{}