PT-2025-22515 · Wire · Wire-Webapp
Published: 2025-05-22 · Updated: 2025-05-22 · CVE-2025-48061
CVSS v3.1: 5.6 (Medium)
Vector: AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
wire-webapp versions 2025-05-14-production.0 through 2025-05-20-production.0
Description
The issue is related to a regression in the session invalidation process. When a user logs out of the Wire webapp, they could be automatically logged in again after re-opening the application. This behavior does not occur when the user logs in as a temporary user or selects the option to delete all personal information and conversations upon logout.
Recommendations
For wire-webapp versions 2025-05-14-production.0 through 2025-05-20-production.0, update to version 2025-05-20-production.0 to resolve the issue.
As a temporary workaround, consider deleting all information upon logout or logging in as a temporary client to prevent automatic login.
Weakness Enumeration
Insufficient Session Expiration
Affected Products
Wire-Webapp