SCA: security update for github.com/bishopfox/sliver (GHSA-fh4v-v779-4g2w)

medium Tenable Self-Hosted Container Security Plugin ID 420923

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by
organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver
allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the operator
instructed the implant to do so. The only impact that has been shown is the exposure of the server's IP
address to a third party. This issue has been addressed in version 1.5.43 and all users are advised to
upgrade. There are no known workarounds for this vulnerability. (CVE-2025-27090)

See Also

https://github.com/advisories/GHSA-fh4v-v779-4g2w

Plugin Details

Severity: Medium

ID: 420923

Version: Revision 1.18

Type: Local

Family: SCA Checks

Published: 2/20/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 1.2

Percentile: 0.01

Vendor

Vendor Severity: Medium

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2025-27090

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: Medium

Base Score: 6.9

Threat Score: 5.5

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/19/2025

Vulnerability Publication Date: 2/19/2025

Reference Information

CVE: CVE-2025-27090

cwe: CWE-918