AI description
CVE-2025-27090 pertains to a stored cross-site scripting (XSS) vulnerability found in the Drivr Lite – Google Drive Plugin, impacting versions up to and including 1.0. This vulnerability stems from improper neutralization of user input during web page generation. An attacker could exploit this vulnerability by injecting malicious scripts into the plugin, which would then be stored and executed when other users access the affected pages. This vulnerability allows arbitrary JavaScript code execution in the context of other users interacting with the plugin. Successful exploitation could lead to various attacks, such as session hijacking, cookie theft, or redirection to malicious websites.
- Description
- Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the operator instructed the implant to do so. The only impact that has been shown is the exposure of the server's IP address to a third party. This issue has been addressed in version 1.5.43 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
CVSS 4.0
- Type
- Secondary
- Base score
- 6.9
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- security-advisories@github.com
- CWE-918
- Hype score
- Not currently trending
⚠️ Vulnerability Alert: Sliver C2 Server Vulnerability Enables TCP Hijacking for Traffic Interception 📅 Timeline: Disclosure: 2025-02-19, Patch: 2025-02-19 📌 Attribution: BishopFox 🆔cveId: CVE-2025-27090 📊baseScore: 6.9 📏cvssMetrics:… https://t.co/dCfn2YpgyQ
@syedaquib77
25 Feb 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SSRF в C2 Sliver Teamserver CVE-2025-27090 Affected versions: >= 1.5.26, <= 1.5.42 Patched versions: 1.5.43 Info: https://t.co/rmwOx9uO7X PoC: [https://t.co/qrlRYjEPhN] https://t.co/s0xird6Lmk
@HackingTeam777
24 Feb 2025
724 Impressions
3 Retweets
9 Likes
3 Bookmarks
0 Replies
0 Quotes
تم العثور على ثغرة SSRF في Sliver C2 (CVE-2025-27090)، مما يسمح للمهاجم بقراءة وكتابة حركة مرور TCP عبر خوادم الفريق المتأثرة. يُظهر العرض التوضيحي تسريب عنوان IP لخادم فريق Sliver مخفيًا خلف إعادة التوجيه #Cyber_Security https://t.co/c861v2D3C1
@joker_plstaeen
21 Feb 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-27090 02/19/2025 10:15:24 PM BaseSeverity: MEDIUM Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perfor... https://t.co/ZAUjmKEfC1
@CVETracker
20 Feb 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
👻👻👻SSRF in Sliver C2 (CVE-2025-27090), allowing an attacker to read and write TCP traffic through affected teamservers. 🔥Demo shows leaking the IP of a Sliver teamserver hidden behind redirectors. ✅Join Telegram- https://t.co/V3wk76XHL2 🚨Writeup- https://t.co/ZndH75cWbn…
@wtf_brut
20 Feb 2025
1533 Impressions
5 Retweets
30 Likes
14 Bookmarks
0 Replies
1 Quote
CVE-2025-27090 Unverified Reverse Port Forwarding Vulnerability in Sliver Teamserver https://t.co/Czv96cYW9N
@VulmonFeeds
19 Feb 2025
29 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Found an SSRF in Sliver C2 (CVE-2025-27090), allowing an attacker to read and write TCP traffic through affected teamservers. Demo shows leaking the IP of a Sliver teamserver hidden behind redirectors Writeup and PoC in replies https://t.co/psx7LtAy5s
@_chebuya
19 Feb 2025
48924 Impressions
99 Retweets
481 Likes
233 Bookmarks
8 Replies
7 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bishopfox:sliver:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6109E798-21E6-4BD3-A1FE-103E1F5E90AF",
"versionEndExcluding": "1.5.43",
"versionStartIncluding": "1.5.26"
}
],
"operator": "OR"
}
]
}
]