SSRF in Bishopfox Sliver
CVE-2025-27090
Sliver is an open source cross-platform adversary emulation/red team framework; it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in the Sliver teamserver allows the implant to open a reverse…
Vulnerability class: SSRF (Server-Side Request Forgery)
EPSS: 0.008 (74.6th percentile)
Affected products
- Bishopfox Sliver — versions >= 1.5.26, < 1.5.43
Weakness classification (CWE)
References
- https://github.com/BishopFox/sliver/security/advisories/GHSA-fh4v-v779-4g2w (x_refsource_CONFIRM)
- https://github.com/BishopFox/sliver/commit/0f340a25cf3d496ed870dae7da39eab4427bc16f (x_refsource_MISC)
- https://github.com/BishopFox/sliver/commit/10e245326070c6a5884a02e0790bb7e2baefb3a1 (x_refsource_MISC)