216.73.217.98

CVE-2025-27093

· Published 28/10/2025 20:15 · Modified 28/10/2025 20:15

Labels: CVE-2025-27093 2025-10-28CVE-2025-27093CWE-284[email protected]

Essential information

Published
28/10/2025 20:15
Modified
28/10/2025 20:15
Author
Creator
CVSS
6.3 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CVSS metrics

Description

Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially enabling leaked or recovered keypairs to be used to attack operators or allowing port forwardings to be accessible from other implants.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
* / sliver cpe:2.3:a:*:sliver:1.5.43:*:*:*:*:*:*:*
* / sliver cpe:2.3:a:*:sliver:1.6.0-dev:*:*:*:*:*:*:*

References