CVE-2025-27093: Silver has unrestricted traffic between Wireguard clients
(updated )
Sliver’s custom Wireguard netstack doesn’t limit traffic between Wireguard clients, this could lead to:
- Leaked/recovered keypair (from a beacon) being used to attack operators.
- Port forwardings usable from other implants.
References
- github.com/BishopFox/sliver
- github.com/BishopFox/sliver/commit/8e5c5f14506d6d60ebb3362e6b9857ab1e0d76ff
- github.com/BishopFox/sliver/commit/9122878cbbcae543eb8210f616550382af2065fd
- github.com/BishopFox/sliver/security/advisories/GHSA-q8j9-34qf-7vq7
- github.com/advisories/GHSA-q8j9-34qf-7vq7
- nvd.nist.gov/vuln/detail/CVE-2025-27093
Code Behaviors & Features
Detect and mitigate CVE-2025-27093 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →