CVE-2025-27090: 
vulnerability analysis and mitigation

Sliver, an open source cross-platform adversary emulation/red team framework, was found to contain a vulnerability (CVE-2025-27090) in its teamserver component. The vulnerability affects versions from v1.5.26 to v1.5.42 and v1.6.0 prior to commit 0f340a2. The issue was discovered and disclosed on February 19, 2025, and allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the operator instructed the implant to do so (GitHub Advisory, NVD).

The vulnerability is classified as a Server-Side Request Forgery (SSRF) issue. The flaw exists in the reverse port forwarding functionality of the sliver teamserver, where the system fails to properly validate tunnel creation requests. The vulnerability has received a CVSS v4.0 Base Score of 6.9 (MEDIUM) with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N, and a CVSS v3.1 Base Score of 5.3 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (NVD).

The primary impact of this vulnerability is the exposure of the server's IP address to unauthorized third parties. This is particularly concerning for organizations using redirectors, as it could potentially reveal the true location of their command and control infrastructure (GBHackers).

The vulnerability has been patched in version 1.5.43 and v1.6.0 (commit 0f340a2). All users are advised to upgrade to these or later versions. There are no known workarounds for this vulnerability, making the upgrade the only effective mitigation strategy (NVD).