What is CVE-2025-27093?

CVE-2025-27093 is a medium-severity vulnerability in Bishopfox Sliver, classified under Improper Access Control. CVSS score: 6.3/10. Published 2025-10-28.

How severe is CVE-2025-27093?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Vulnerability in Bishopfox Sliver

CVE-2025-27093

Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to co…

EPSS: 0.000 (11.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L.

Affected products

Bishopfox Sliver — versions <= 1.5.43

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

https://github.com/BishopFox/sliver/security/advisories/GHSA-q8j9-34qf-7vq7 (x_refsource_CONFIRM)
https://github.com/BishopFox/sliver/commit/8e5c5f14506d6d60ebb3362e6b9857ab1e0d76ff (x_refsource_MISC)
https://github.com/BishopFox/sliver/commit/9122878cbbcae543eb8210f616550382af2065fd (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-27093?: CVE-2025-27093 is a medium-severity vulnerability in Bishopfox Sliver, classified under Improper Access Control. CVSS score: 6.3/10. Published 2025-10-28.
How severe is CVE-2025-27093?: Medium severity. CVSS v3 base score is 6.3 out of 10.