cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-27090,https://securityvulnerability.io/vulnerability/CVE-2025-27090,Reverse Port Forwarding Flaw in Sliver Adversary Emulation Framework,"The Sliver adversary emulation framework has a significant vulnerability that allows an implant to establish a reverse tunnel on the Sliver teamserver without proper authorization. This mechanism does not require the operator's explicit instruction, potentially exposing the server's IP address to unauthorized third parties. Users are strongly advised to upgrade to version 1.5.43 or later, as there are no workarounds to mitigate this issue.",Bishopfox,Sliver,6.9,MEDIUM,0.0006200000061653554,false,,false,false,false,,false,true,false,,2025-02-19T21:11:06.671Z,5195
CVE-2024-41111,https://securityvulnerability.io/vulnerability/CVE-2024-41111,"Sliver Vulnerable to RCE, Could Pwn Server","The vulnerability in Sliver, an open-source cross-platform adversary emulation framework from BishopFox, allows a low-privileged 'operator' user to execute commands on the teamserver as the system root user, leading to unauthorized actions. This flaw enables operators to access console logs, terminate other operator sessions, and manipulate or delete files on the server. Although this issue has been recognized and flagged in previous discussions, it remains unaddressed in the current prerelease version 1.6.0. Organizations using this version are strongly advised against deploying it in production environments until a fix is implemented.",Bishopfox,Sliver,7.2,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-07-18T23:15:00.000Z,0
CVE-2023-34758,https://securityvulnerability.io/vulnerability/CVE-2023-34758,Improper Cryptographic Implementation in Sliver from Tangent,"The Sliver framework, ranging from versions v1.5.x to v1.5.39, exhibits an improper cryptographic implementation flaw. This vulnerability potentially allows an attacker to launch a man-in-the-middle attack by intercepting and manipulating responses, placing sensitive information at risk. It underscores the need for robust cryptographic practices to ensure secure communications within the framework.",Bishopfox,Sliver,8.1,HIGH,0.0012600000482052565,false,,false,false,false,,,false,false,,2023-08-28T00:00:00.000Z,0