CVE-2025-10198

Description

Sunshine for Windows, version v2025.122.141614, contains a DLL search-order hijacking vulnerability, allowing attackers to insert a malicious DLL in user-writeable PATH directories.

PUBLISHED Reserved 2025-09-09 | Published 2025-09-09 | Updated 2026-01-20 | Assigner certcc

Problem types

CWE-427 Uncontrolled Search Path Element

Product status

References

www.kb.cert.org/vuls/id/974249

github.com/LizardByte/Sunshine/pull/3971

github.com/...ommit/9db11a906167bd962e57896223d7b9718058aeb2

cve.org (CVE-2025-10198)

nvd.nist.gov (CVE-2025-10198)

Download JSON