ID |
CVE-2025-54081
|
Sažetak |
Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.923.33222, the Windows service SunshineService is installed with an unquoted executable path. If Sunshine is installed in a directory whose name includes a space, the Service Control Manager (SCM) interprets the path incrementally and may execute a malicious binary placed earlier in the search string. This issue has been patched in version 2025.923.33222. |
Reference |
|
CVSS |
Base: | 6.7 |
Impact: | 5.9 |
Exploitability: | 0.8 |
|
Pristup |
Vektor | Složenost | Autentikacija |
LOCAL |
HIGH |
LOW |
|
Impact |
Povjerljivost | Cjelovitost | Dostupnost |
HIGH |
HIGH |
HIGH |
|
CVSS vektor |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
Zadnje važnije ažuriranje |
08-10-2025 - 17:48 |
Objavljeno |
23-09-2025 - 19:15 |