Home > Vulnerability Database > CVE-2025-27090

Mend.io Vulnerability Database

CVE-2025-27090

Good to know:

Date: February 19, 2025

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the operator instructed the implant to do so. The only impact that has been shown is the exposure of the server's IP address to a third party. This issue has been addressed in version 1.5.43 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Severity Score

5.3

Related Resources (6)

Url: https://github.com/BishopFox/sliver/commit/10e245326070c6a5884a02e0790bb7e2baefb3a1

Url: https://github.com/BishopFox/sliver/security/advisories/GHSA-fh4v-v779-4g2w

Url: https://github.com/BishopFox/sliver

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-27090

Url: https://github.com/BishopFox/sliver/commit/0f340a25cf3d496ed870dae7da39eab4427bc16f

Url: https://www.mend.io/vulnerability-database/CVE-2025-27090

Severity Score

5.3

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

Top Fix

Upgrade Version

Upgrade to version github.com/bishopfox/sliver - v1.5.43

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-27090

Good to know:

Date: February 19, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?