Reverse Port Forwarding Flaw in Sliver Adversary Emulation Framework
CVE-2025-27090

6.9 MEDIUM

Key Information:

Vendor
Bishopfox
Status
Vendor
CVE Published:
19 February 2025

What is CVE-2025-27090?

CVE-2025-27090 is a vulnerability found in the Sliver Adversary Emulation Framework developed by Bishopfox. This open-source tool is designed for conducting security testing and red teaming activities. The vulnerability involves a flaw in the reverse port forwarding mechanism of the Sliver teamserver, which may allow unauthorized opening of reverse tunnels. Organizations utilizing this framework could face significant security risks, as the flaw could expose sensitive information, such as the server's IP address, to potential attackers.

Technical Details

The vulnerability is in the reverse port forwarding functionality of the Sliver teamserver, where an implant can open a reverse tunnel without proper verification from the operator. This lack of control could allow an attacker to exploit the framework's operations, leading to unauthorized network access and communication.

The issue has been addressed in version 1.5.43 of the framework, and all users are strongly encouraged to upgrade to this version to mitigate the risks associated with the vulnerability. Currently, there are no known workarounds for this issue.

Potential Impact of CVE-2025-27090

  1. Exposure of Server IP Address: The primary impact of this vulnerability is the potential exposure of the server's IP address to third parties, which could lead to targeted attacks against the organization's infrastructure.

  2. Unauthorized Network Access: Attackers could leverage this vulnerability to gain unauthorized access to the network, allowing them to execute further malicious activities, such as lateral movement or data exfiltration.

  3. Compromise of Security Testing Integrity: Given that Sliver is a tool used for security testing, any exploitation of this vulnerability could undermine the integrity of the security assessments conducted by organizations, potentially leading to misleading conclusions about their security posture.

Affected Version(s)

sliver >= 1.5.26, < 1.5.43
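
An added example, not taken from the advisory or from the Sliver project's code: a Go check that tests a version string against the affected range above, for triaging teamserver versions you have collected. The sample versions are constructed, and treating a pre-release tag on the fixed version as affected is an assumption made to stay conservative.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Range from the advisory: sliver >= 1.5.26, < 1.5.43.
var firstAffected, firstFixed = [3]int{1, 5, 26}, [3]int{1, 5, 43}

// parseVersion splits "v1.5.43-rc1+build" into its numeric core and a pre-release flag.
func parseVersion(s string) (core [3]int, pre bool, err error) {
	s, _, _ = strings.Cut(strings.TrimPrefix(strings.TrimSpace(s), "v"), "+") // drop build metadata
	s, _, pre = strings.Cut(s, "-")
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return core, pre, fmt.Errorf("not MAJOR.MINOR.PATCH: %q", s)
	}
	for i := 0; i < 3 && err == nil; i++ {
		core[i], err = strconv.Atoi(parts[i])
	}
	return core, pre, err
}

func less(a, b [3]int) bool {
	for i := range a {
		if a[i] != b[i] {
			return a[i] < b[i]
		}
	}
	return false
}

// Affected reports whether version is in range; a pre-release of the fixed version counts as affected (assumption).
func Affected(version string) (bool, error) {
	core, pre, err := parseVersion(version)
	if err != nil || less(core, firstAffected) {
		return false, err
	}
	return less(core, firstFixed) || (core == firstFixed && pre), nil
}

func main() { // constructed sample versions, not a real inventory
	for _, v := range []string{"v1.5.25", "1.5.42", "1.5.43-rc1", "1.5.43", "latest"} {
		hit, err := Affected(v)
		fmt.Printf("%-12s affected=%v err=%v\n", v, hit, err)
	}
}
```

Unparseable input returns an error rather than "not affected", so an unknown version is never silently cleared.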

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
