CVE-2025-27093

Published Oct 28, 2025

Last updated a month ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-27093 affects the Sliver command and control framework, specifically versions 1.5.43 and earlier, as well as development version 1.6.0-dev. The vulnerability lies in the custom Wireguard netstack, which doesn't restrict traffic between Wireguard clients. This lack of traffic restriction allows clients to communicate freely with each other. Consequently, if an attacker gains access to leaked or recovered keypairs, they could potentially use them to target operators or access port forwardings from other implants.

Description: Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially enabling leaked or recovered keypairs to be used to attack operators or allowing port forwardings to be accessible from other implants.
Source: security-advisories@github.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.3
Impact score: 3.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Severity: MEDIUM

Weaknesses

security-advisories@github.com: CWE-284

Hype score: Not currently trending

References