AI description
CVE-2025-27090 pertains to a stored cross-site scripting (XSS) vulnerability found in the Drivr Lite – Google Drive Plugin, impacting versions up to and including 1.0. This vulnerability stems from improper neutralization of user input during web page generation. An attacker could exploit this vulnerability by injecting malicious scripts into the plugin, which would then be stored and executed when other users access the affected pages. This vulnerability allows arbitrary JavaScript code execution in the context of other users interacting with the plugin. Successful exploitation could lead to various attacks, such as session hijacking, cookie theft, or redirection to malicious websites.
- Description
- Sliver is an open source cross-platform adversary emulation/red team framework; it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in the Sliver teamserver allows the implant to open a reverse tunnel on the Sliver teamserver without verifying whether the operator instructed the implant to do so. The only impact that has been shown is the exposure of the server's IP address to a third party. This issue has been addressed in version 1.5.43 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
- Source
- security-advisories@github.com
- NVD status
- Received
CVSS 4.0
- Type
- Secondary
- Base score
- 6.9
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
- security-advisories@github.com
- CWE-918
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
19
An SSRF vulnerability was found in Sliver C2 (CVE-2025-27090), allowing an attacker to read and write TCP traffic through affected teamservers. The demo shows leaking the IP address of a Sliver teamserver hidden behind redirectors #Cyber_Security https://t.co/c861v2D3C1
@joker_plstaeen
21 Feb 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-27090 02/19/2025 10:15:24 PM BaseSeverity: MEDIUM Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perfor... https://t.co/ZAUjmKEfC1
@CVETracker
20 Feb 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
👻👻👻SSRF in Sliver C2 (CVE-2025-27090), allowing an attacker to read and write TCP traffic through affected teamservers. 🔥Demo shows leaking the IP of a Sliver teamserver hidden behind redirectors. ✅Join Telegram- https://t.co/V3wk76XHL2 🚨Writeup- https://t.co/ZndH75cWbn…
@wtf_brut
20 Feb 2025
1533 Impressions
5 Retweets
30 Likes
14 Bookmarks
0 Replies
1 Quote
CVE-2025-27090 Unverified Reverse Port Forwarding Vulnerability in Sliver Teamserver https://t.co/Czv96cYW9N
@VulmonFeeds
19 Feb 2025
29 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Found an SSRF in Sliver C2 (CVE-2025-27090), allowing an attacker to read and write TCP traffic through affected teamservers. Demo shows leaking the IP of a Sliver teamserver hidden behind redirectors Writeup and PoC in replies https://t.co/psx7LtAy5s
@_chebuya
19 Feb 2025
48924 Impressions
99 Retweets
481 Likes
233 Bookmarks
8 Replies
7 Quotes