A critical server-side request forgery (SSRF) vulnerability (CVE-2025-27090) has been identified in the Sliver C2 framework’s teamserver implementation, enabling attackers to establish unauthorized TCP connections through vulnerable servers.
Affecting versions 1.5.26 through 1.5.42 and pre-release builds before commit 0f340a2, the flaw exposes red team infrastructure to teamserver IP leakage (even when a redirector is in front of it), lateral movement from the teamserver's network position, and traffic interception.
The vulnerability resides in the protocol handlers’ processing of implant registration and tunnel creation sequences.
Security researchers at Chebuya noted that Sliver's architecture typically places teamservers behind protective redirectors; this flaw, however, allows those safeguards to be bypassed with crafted implant callbacks, because the teamserver itself is coerced into making the outbound connection.
Technical Mechanism of the SSRF Exploit
The exploit chain leverages two critical handler functions in Sliver’s Go codebase.
First, the registerSessionHandler creates a session object for any new implant that presents a registration message, deserialized from Protobuf, without any further proof that the implant is genuine:
// server/handlers/sessions.go
session := core.NewSession(implantConn)
core.Sessions.Add(session) // Adds session to teamserver tracking
Attackers then exploit the tunnelDataHandler by sending specially crafted TunnelData messages with CreateReverse set to true:
// server/handlers/sessions.go
if rtunnel == nil && tunnelData.CreateReverse == true {
createReverseTunnelHandler(implantConn, data) // Triggers SSRF
}
This forces the teamserver to establish an outbound TCP connection to the implant-supplied host and port through the defaultDialer.DialContext call:
remoteAddress := fmt.Sprintf("%s:%d", req.Rportfwd.Host, req.Rportfwd.Port)
dst, err := defaultDialer.DialContext(ctx, "tcp", remoteAddress)
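The following Go program is an added illustration of the flawed pattern described above and of one way to close it; it is not Sliver's own code. It models the handler with simplified types (TunnelData, Dialer, ReverseForwards are assumptions made for the example, not Sliver identifiers) and swaps the real net.Dialer for a recording dialer so it runs offline. The vulnerable handler dials whatever host:port the implant message carries; the hardened variant only dials destinations an operator explicitly registered for that session, so a fake implant that was never given a reverse port forward obtains no connection.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"sync"
)

// TunnelData is a simplified stand-in for the implant-sent tunnel message;
// only the fields that matter for the SSRF are modelled (assumption: this is
// not Sliver's protobuf type).
type TunnelData struct {
	SessionID     string
	CreateReverse bool
	Host          string // attacker-controlled when the "implant" is fake
	Port          uint32
}

// Dialer has the shape of net.Dialer.DialContext so the example can run
// against a recording dialer instead of the real network.
type Dialer func(ctx context.Context, network, addr string) (net.Conn, error)

// recordingDialer never touches the network: it records each address and
// returns one end of an in-memory pipe, standing in for the outbound socket.
func recordingDialer() (Dialer, *[]string) {
	dialed := &[]string{}
	return func(ctx context.Context, network, addr string) (net.Conn, error) {
		*dialed = append(*dialed, addr)
		c1, c2 := net.Pipe()
		c2.Close()
		return c1, nil
	}, dialed
}

// vulnerableCreateReverseTunnel reproduces the flawed pattern: the teamserver
// dials whatever host:port the tunnel message carries, trusting the implant.
func vulnerableCreateReverseTunnel(ctx context.Context, dial Dialer, td TunnelData) (string, error) {
	if !td.CreateReverse {
		return "", errors.New("not a reverse-tunnel request")
	}
	addr := net.JoinHostPort(td.Host, fmt.Sprint(td.Port))
	conn, err := dial(ctx, "tcp", addr)
	if err != nil {
		return "", err
	}
	conn.Close()
	return addr, nil
}

// ReverseForwards records the reverse port forwards an operator explicitly
// requested, keyed by session. Only those destinations may ever be dialed.
type ReverseForwards struct {
	mu       sync.Mutex
	expected map[string]map[string]bool // sessionID -> "host:port" -> true
}

func NewReverseForwards() *ReverseForwards {
	return &ReverseForwards{expected: make(map[string]map[string]bool)}
}

// Allow is called from the operator side, i.e. when an rportfwd is created.
func (r *ReverseForwards) Allow(sessionID, host string, port uint32) {
	r.mu.Lock()
	defer r.mu.Unlock()
	if r.expected[sessionID] == nil {
		r.expected[sessionID] = make(map[string]bool)
	}
	r.expected[sessionID][net.JoinHostPort(host, fmt.Sprint(port))] = true
}

// IsExpected reports whether an operator asked for this session to reach addr.
func (r *ReverseForwards) IsExpected(sessionID, addr string) bool {
	r.mu.Lock()
	defer r.mu.Unlock()
	return r.expected[sessionID][addr]
}

var ErrUnexpectedReverseTunnel = errors.New("reverse tunnel not requested by an operator for this session")

// hardenedCreateReverseTunnel only dials destinations an operator registered
// for that session; implant-supplied host:port values are otherwise refused.
func hardenedCreateReverseTunnel(ctx context.Context, dial Dialer, fwds *ReverseForwards, td TunnelData) (string, error) {
	if !td.CreateReverse {
		return "", errors.New("not a reverse-tunnel request")
	}
	addr := net.JoinHostPort(td.Host, fmt.Sprint(td.Port))
	if !fwds.IsExpected(td.SessionID, addr) {
		return "", ErrUnexpectedReverseTunnel
	}
	conn, err := dial(ctx, "tcp", addr)
	if err != nil {
		return "", err
	}
	conn.Close()
	return addr, nil
}

func main() {
	ctx := context.Background()
	dial, dialed := recordingDialer()
	// Constructed attacker message: a registered-but-fake session asks the
	// teamserver to connect to a cloud metadata endpoint on its behalf.
	attack := TunnelData{SessionID: "fake-implant", CreateReverse: true, Host: "169.254.169.254", Port: 80}

	addr, _ := vulnerableCreateReverseTunnel(ctx, dial, attack)
	fmt.Println("vulnerable handler dialed:", addr)

	fwds := NewReverseForwards()
	fwds.Allow("real-implant", "10.0.0.5", 443) // operator-created rportfwd
	_, err := hardenedCreateReverseTunnel(ctx, dial, fwds, attack)
	fmt.Println("hardened handler on attacker message:", err)
	fmt.Println("addresses actually dialed:", *dialed)
}
```

The allow-list is keyed by session as well as destination, so even a genuine session cannot be steered to a host the operator never requested; whether the real fix in Sliver takes this exact form is not stated by the advisory excerpted here.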
Because the connection is then wired into Sliver's tunnel management system, the attacker gets full bidirectional communication with the target, not just a blind connect. As the Python PoC shows, the attacker first registers a fake session and then requests the reverse tunnel:
registration_envelope = generate_registration_envelope()
ssock.write(registration_envelope_len + registration_envelope)
reverse_tunnel_envelope = generate_create_reverse_tunnel_envelope(target_ip, port, data)
ssock.write(reverse_tunnel_envelope_len + reverse_tunnel_envelope)
The vulnerability has been patched in commit 3f2a1b9 through improved session validation and tunnel creation checks.
Administrators should update to Sliver v1.5.43 or later (or a build at or after the fix commit) immediately, and audit their staging listeners for unauthorized shellcode generation capabilities.
This SSRF flaw highlights the critical need for strict input validation in C2 frameworks handling bidirectional network communications.
As red team tools increasingly become attack targets themselves, robust isolation of teamserver components remains crucial to operational security.