Sliver C2 Server Vulnerability Lets Attackers Open a TCP Connection to Read Traffic

A critical server-side request forgery (SSRF) vulnerability (CVE-2025-27090) has been identified in the Sliver C2 framework’s teamserver implementation, enabling attackers to establish unauthorized TCP connections through vulnerable servers. Affecting versions 1.5.26 through 1.5.42 and pre-release builds below commit 0f340a2, this vulnerability exposes red team infrastructure to potential IP leakage, lateral movement, and traffic interception.

The vulnerability resides in the protocol handlers’ processing of implant registration and tunnel creation sequences, and it achieves full bidirectional communication through Sliver’s tunnel management system. It has been patched in commit 3f2a1b9 through improved session validation and tunnel creation checks.

This SSRF flaw highlights the critical need for strict input validation in C2 frameworks handling bidirectional network communications. As red team tools increasingly become attack targets themselves, robust isolation of teamserver components remains crucial to operational security. While the security researchers at Chebuya noted that Sliver’s architecture typically situates teamservers behind protective redirectors.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 25 Feb 2025 11:15:19 +0000

