CNNVD-202510-3781 Information
CNNVD ID
CNNVD-202510-3781
Related CVE
-
CNNVD Published: 2025-10-28
Description
Sliver is an open-source, cross-platform adversary emulation/red team framework from Bishop Fox. It can be used by organizations of all sizes to perform security testing. Sliver 1.5.43 and earlier, and 1.6.0-dev, contain an access control error vulnerability. The vulnerability stems from unrestricted traffic between WireGuard clients, which may allow a leaked or recovered key pair to be used to attack operators, or allow other implants to access port forwards.
Hazard Level
High
Vulnerability Type
Access control error
Affected Vendor
Bishop Fox
Published
2025-10-28
Last Modified
2026-02-24
References
https://github.com/BishopFox/sliver/commit/8e5c5f14506d6d60ebb3362e6b9857ab1e0d76ff
https://github.com/BishopFox/sliver/commit/9122878cbbcae543eb8210f616550382af2065fd
https://github.com/BishopFox/sliver/security/advisories/GHSA-q8j9-34qf-7vq7
https://access.redhat.com/security/cve/cve-2025-27093
Patch
https://github.com/BishopFox/sliver/releases