SSRF in sliver teamserver
The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the operator instructed the implant to do so
Advisories for Golang/Github.com/Bishopfox/Sliver package
2025
2024
Sliver Allows Authenticated Operator-to-Server Remote Code Execution
Sliver version 1.6.0 (prerelease) is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as the system root user.
Sliver Allows Authenticated Operator-to-Server Remote Code Execution
Sliver version 1.6.0 (prerelease) is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as the system root user.
2023
Silver vulnerable to MitM attack against implants due to a cryptography vulnerability
The current cryptography implementation in Sliver up to version 1.5.39 allows a MitM with access to the corresponding implant binary to execute arbitrary codes on implanted devices via intercepted and crafted responses. (Reserved CVE ID: CVE-2023-34758)