CVE-2025-27090

Medium CVSS: 6.9

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the operator instructed the implant to do so. The only impact that has been shown is the exposure of the server's IP address to a third party. This issue has been addressed in version 1.5.43 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Vendor

Bishopfox

Product

Sliver

CWE

CWE-918

Yayın Tarihi

2025-02-19 22:15:24

Güncelleme

2025-02-27 20:30:33

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-918 Sliver MEDIUM Bishopfox 2025

Referanslar

https://github.com/BishopFox/sliver/commit/0f340a25cf3d496ed870dae7da39eab4427bc16f https://github.com/BishopFox/sliver/commit/10e245326070c6a5884a02e0790bb7e2baefb3a1 https://github.com/BishopFox/sliver/security/advisories/GHSA-fh4v-v779-4g2w

Benzer Kayıtlar

Medium

CVE-2026-34227

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to version 1.7.4, a single click…

High

CVE-2026-32941

Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and below contain a Remo…

Medium

CVE-2026-29781

Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vul…

High

CVE-2026-25791

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.7.0, the DNS C2 listener acc…

Medium

CVE-2026-25760

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a path traversal in th…