CVE-2025-27090: SSRF in sliver teamserver
(updated )
The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the operator instructed the implant to do so
References
- github.com/BishopFox/sliver
- github.com/BishopFox/sliver/commit/0f340a25cf3d496ed870dae7da39eab4427bc16f
- github.com/BishopFox/sliver/commit/10e245326070c6a5884a02e0790bb7e2baefb3a1
- github.com/BishopFox/sliver/security/advisories/GHSA-fh4v-v779-4g2w
- github.com/advisories/GHSA-fh4v-v779-4g2w
- nvd.nist.gov/vuln/detail/CVE-2025-27090
Detect and mitigate CVE-2025-27090 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →