QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-27090

Back to search

CVE-2025-27090

Published: Feb 19, 2025

Modified: Feb 19, 2025

PUBLISHED

Description

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the operator instructed the implant to do so. The only impact that has been shown is the exposure of the server's IP address to a third party. This issue has been addressed in version 1.5.43 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

VendorProductVersions

BishopFox

sliver

affected
>= 1.5.26, < 1.5.43

Weaknesses (CWE)

CWE-918

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now