CVE-2025-48066

Name of the Vulnerable Software and Affected Versions wire-webapp versions prior to 2025-05-14-production.0

Description A regression issue in the function to delete local data causes the client's local database not to be deleted upon user logout, even when instructed to do so. This affects both temporary clients and regular clients attempting to delete personal information and conversations. Access to the machine is required to access the data, and if encryption-at-rest is used, cryptographic material cannot be exported.

Recommendations For versions prior to 2025-05-14-production.0, manually delete the database on devices where the option "This is a public computer" was used prior to login or a logout with the request to delete local data has happened before. Update to wire-webapp version 2025-05-14-production.0 to resolve the issue.