CVE-2025-13524 is a privacy-impacting flaw in AWS Wickr, Wickr Gov and Wickr Enterprise desktop clients where, under certain user actions, the audio stream can remain open after the user closes the call window. AWS reports that this issue could result in the affected user’s microphone audio continuing to stream to other call participants until they drop the call, the user joins another call, or the user terminates the application. While not a traditional RCE or injection vulnerability, the bug undermines expectations of end-to-end encrypted calling confidentiality and maps to MITRE ATT&CK T1110 (Credential and Sensitive Data Exposure) analogues for data-in-use leaks.

The vulnerability impacts desktop Wickr clients (Windows, macOS and Linux) prior to version 6.62.13 across AWS Wickr, Wickr Gov and Wickr Enterprise offerings. The issue manifests only in specific call flows where the user takes a particular action inside the app—details AWS does not fully disclose—but the net effect is that users may mistakenly believe a call has ended while their audio continues to be transmitted. This edge-case behavior introduces risk for sensitive discussions, especially in government and regulated industries that rely on Wickr Gov and Wickr Enterprise for high-security communications.

From a business perspective, accidental audio leakage can expose confidential strategy discussions, incident response coordination, legal conversations or personal data handled in regulated environments. Unlike typical network eavesdropping, this leak occurs inside an end-to-end encrypted context, meaning participants on the call remain the only recipients—but that still includes any untrusted or compromised party present in the session. In settings covered by GDPR, HIPAA or contractual NDAs, such inadvertent disclosure could carry compliance and reputational consequences.

AWS has addressed CVE-2025-13524 in Wickr desktop version 6.62.13 and recommends customers upgrade to the latest release. There are no workarounds beyond software update and user behavior, so organizations should rapidly roll out new clients, particularly in sensitive environments, and reinforce guidance that users should properly terminate sessions and exit the application after high-risk meetings. Security teams should also revisit policies around which conversations should or should not involve external participants, even when held over encrypted collaboration platforms.
🎯 CORTEX Protocol Intelligence Assessment

Business Impact: CVE-2025-13524 creates the potential for inadvertent exposure of sensitive voice conversations in organizations that rely on AWS Wickr for secure communications, including government and enterprise environments. Although the leak is limited to other call participants, it may still violate confidentiality expectations and regulatory obligations if those participants are external or later compromised.

Technical Context: The bug resides in audio session management logic in Wickr desktop clients, where certain user actions cause audio streaming to persist despite the UI indicating the call has ended. AWS has remediated the issue in version 6.62.13 across AWS Wickr, Wickr Gov and Wickr Enterprise, and reports no workarounds beyond upgrading clients and ensuring proper call termination behavior.
⚡ Strategic Intelligence Guidance
- Immediately upgrade all AWS Wickr, Wickr Gov and Wickr Enterprise desktop clients to version 6.62.13 or later, prioritizing systems used by executives, legal, incident response and government stakeholders.
- Update collaboration and secure-communications policies to instruct users to fully terminate calls and exit Wickr clients after highly sensitive meetings, particularly when external parties are present.
- Review data classification and meeting guidelines to determine which discussions should be restricted to internal-only participants even when using end-to-end encrypted platforms.
- Incorporate communication platform CVEs like CVE-2025-13524 into regular patch management cycles and security briefings, emphasizing that privacy-impacting bugs can be as consequential as traditional code-execution flaws.
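
As an added example (not AWS tooling and not part of the original advisory), the upgrade guidance above can be turned into a rollout work list by comparing an endpoint inventory against the fixed version 6.62.13. The CSV columns, host names and group labels below are constructed assumptions about what an asset inventory might export.

```python
import csv
import io

FIXED = (6, 62, 13)  # first fixed desktop release named in the text above
PRODUCTS = {"AWS Wickr", "Wickr Gov", "Wickr Enterprise"}
# Groups the guidance says to upgrade first; the label spellings are assumed.
PRIORITY = {"executive": 0, "legal": 0, "incident-response": 0, "government": 0}

# Constructed sample export; column names and hosts are hypothetical.
SAMPLE = """host,os,product,version,group
ws-001,Windows,Wickr Enterprise,6.62.13,engineering
ws-002,macOS,AWS Wickr,6.58.2,legal
ws-003,Linux,Wickr Gov,6.62.9,government
ws-004,Windows,AWS Wickr,6.70.1,executive
ws-005,macOS,Wickr Enterprise,unknown,finance
ws-006,Windows,Other Chat App,1.0.0,engineering
ws-007,Linux,AWS Wickr,6.9.40,engineering
"""

def parse_version(text):
    """Return a tuple of ints, or None if the string is not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(inventory_csv):
    """List (host, status, version) for clients needing action, priority groups first."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"] not in PRODUCTS:
            continue
        version = parse_version(row["version"])
        if version is None:
            status = "unknown-version"  # cannot be shown patched, so keep it open
        elif version < FIXED:  # numeric compare: 6.9.40 is older than 6.62.13
            status = "vulnerable"
        else:
            continue
        rank = PRIORITY.get(row["group"], 1)
        findings.append((rank, row["host"], status, row["version"]))
    findings.sort()
    return [(host, status, ver) for _, host, status, ver in findings]

if __name__ == "__main__":
    for host, status, ver in triage(SAMPLE):
        print(f"{host}\t{status}\t{ver}")
```

Versions are compared as integer tuples because a plain string comparison would rank 6.9.40 above 6.62.13 and miss that host.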
Vendors
- Amazon Web Services
- AWS Wickr
Threats
- Call audio leakage
- Privacy exposure
Targets
- Government agencies
- Enterprises using Wickr Gov
- Secure collaboration users