CVE-2025-27093
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-27093
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27093.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-27093
- Aliases
- Published
- 2025-10-28T19:29:16Z
- Modified
- 2025-11-13T19:53:27.273894Z
- Severity
-
- 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- Sliver does not restricted traffic between Wireguard clients.
- Details
-
Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially enabling leaked or recovered keypairs to be used to attack operators or allowing port forwardings to be accessible from other implants.
- Database specific
{ "cwe_ids": [ "CWE-284" ] }- References
Affected packages
Git / github.com/bishopfox/sliver
Affected ranges
- Type
- GIT
- Repo
- https://github.com/bishopfox/sliver
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
git-7d47fe39
v0.*
v0.0.1-alpha
v0.0.2-alpha
v0.0.3-alpha
v0.0.5-alpha
v0.0.6-alpha
v1.*
v1.0.0-beta
v1.0.2-beta
v1.0.3-beta
v1.0.6-beta
v1.0.7-beta
v1.0.8-beta
v1.1.0
v1.1.1
v1.2.0
v1.2.1
v1.3.0
v1.3.1
v1.4.0
v1.4.1
v1.4.10
v1.4.11
v1.4.12
v1.4.13
v1.4.14
v1.4.15
v1.4.16
v1.4.17
v1.4.18
v1.4.19
v1.4.2
v1.4.20
v1.4.21
v1.4.22
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.4.8
v1.4.9
v1.5.0
v1.5.1
v1.5.10
v1.5.11
v1.5.12
v1.5.13
v1.5.14
v1.5.15
v1.5.16
v1.5.17
v1.5.18
v1.5.19
v1.5.2
v1.5.20
v1.5.21
v1.5.22
v1.5.23
v1.5.24
v1.5.25
v1.5.26
v1.5.27
v1.5.28
v1.5.29
v1.5.3
v1.5.30
v1.5.31
v1.5.32
v1.5.33
v1.5.34
v1.5.35
v1.5.36
v1.5.37
v1.5.38
v1.5.39
v1.5.4
v1.5.40
v1.5.41
v1.5.42
v1.5.43
v1.5.5
v1.5.6
v1.5.7
v1.5.8
v1.5.9