PT-2025-7625 · Sliver · Sliver
Chebuya · Published 2025-02-19 · Updated 2025-03-13
CVE-2025-27090
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Sliver versions 1.5.26 through 1.5.42
Description
The reverse port forwarding feature in Sliver Teamserver allows the implant to open a reverse tunnel on the Sliver Teamserver without verifying whether the operator instructed the implant to do so. This issue can lead to the exposure of the server's IP address to a third party.
Recommendations
For Sliver versions 1.5.26 through 1.5.42, upgrade to version 1.5.43 to address the issue.
As a temporary workaround, consider disabling the reverse port forwarding feature in the Sliver Teamserver until a patch is available.
Restrict access to the Sliver Teamserver to minimize the risk of exploitation.
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
Sliver