CVE-2025-54081 - CERT CVE
ID CVE-2025-54081
Sažetak Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.923.33222, the Windows service SunshineService is installed with an unquoted executable path. If Sunshine is installed in a directory whose name includes a space, the Service Control Manager (SCM) interprets the path incrementally and may execute a malicious binary placed earlier in the search string. This issue has been patched in version 2025.923.33222.
Reference
CVSS
Base: 6.7
Impact: 5.9
Exploitability:0.8
Pristup
VektorSloženostAutentikacija
LOCAL HIGH LOW
Impact
PovjerljivostCjelovitostDostupnost
HIGH HIGH HIGH
CVSS vektor CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Zadnje važnije ažuriranje 08-10-2025 - 17:48
Objavljeno 23-09-2025 - 19:15