PT-2025-27812 · Wire · Wire
Published
2025-07-03
·
Updated
2025-07-03
·
CVE-2025-49846
CVSS v4.0
4.1
Medium
| Vector | AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
Wire iOS versions 3.111.1 through 3.124.1
Description:
The issue concerns the logging of messages in clear text to the iOS system logs when they are visible in the view port. This occurs due to the
canOpenUrl() function being called with an invalid URL object, resulting in iOS logging the contents to the system log. This behavior is not documented. The logs can only be accessed by someone with physical access to the unlocked device. An estimated number of potentially affected devices is not provided. There is no information about real-world incidents where this issue was exploited.Recommendations:
For Wire iOS versions 3.111.1 through 3.124.1, update to version 3.124.1 or later to resolve the issue.
As a temporary workaround, users can reset their iOS device to remove the offending logs.
Exploit
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Wire