Bulletin ID: AWS-2025-029
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/11/21 12:15 PM PDT

Description:

AWS Wickr is an end-to-end encrypted service that helps organizations communicate securely through messaging, voice and video calling, file sharing, and screen sharing.

We identified CVE-2025-13524, which describes an issue in the Wickr calling service. Under certain conditions, which require the affected user to take a particular action within the application, the user’s audio stream remains open after they close their call window. This could result in audio from the affected user’s device continuing to stream unexpectedly to other call participants until those users drop the call, the affected user joins another call, or the affected user terminates their application.

Impacted versions:

AWS Wickr, Wickr Gov and Wickr Enterprise desktop (Windows, Mac and Linux) versions prior to 6.62.13.

Resolution:

This issue has been addressed in AWS Wickr, Wickr Gov and Wickr Enterprise desktop version 6.62.13. We recommend upgrading to the latest version.

Workarounds:

None

References:

• CVE-2025-13524

Please email aws-security@amazon.com with any security questions or concerns.