Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SunshineService Has Unquoted Service Path That Allows Local SYSTEM Code Execution
Vulnerability Description
Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.923.33222, the Windows service SunshineService is installed with an unquoted executable path. If Sunshine is installed in a directory whose name includes a space, the Service Control Manager (SCM) interprets the path incrementally and may execute a malicious binary placed earlier in the search string. This issue has been patched in version 2025.923.33222.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
未经引用的搜索路径或元素
Vulnerability Title
Sunshine 安全漏洞
Vulnerability Description
Sunshine是LizardByte开源的一个 Moonlight 的自助游戏流主机。 Sunshine 2025.923.33222之前版本存在安全漏洞,该漏洞源于Windows服务SunshineService安装时未使用引号包裹可执行路径,可能导致执行恶意二进制文件。
CVSS Information
N/A
Vulnerability Type
N/A