CVE-2025-27090 — MEDIUM (5.3)

Q: How severe is CVE-2025-27090?

CVE-2025-27090 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-27090?

Check the references section above for vendor advisories and patch information. Affected products include: Bishopfox Sliver.

Vulnerability Description

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the operator instructed the implant to do so. The only impact that has been shown is the exposure of the server's IP address to a third party. This issue has been addressed in version 1.5.43 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Bishopfox	Sliver	>= 1.5.26, < 1.5.43

Related Weaknesses (CWE)

CWE-918

References

FAQ

What is CVE-2025-27090?

CVE-2025-27090 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserv...

How severe is CVE-2025-27090?

CVE-2025-27090 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-27090?

Check the references section above for vendor advisories and patch information. Affected products include: Bishopfox Sliver.