MITM Vulnerability in Sunshine Self-hosted Game Stream Host
CVE-2024-51738

7.7HIGH

Key Information:

Vendor
Lizardbyte
Status
Sunshine
Vendor
CVE Published:
20 January 2025

Summary

A vulnerability in Sunshine's pairing protocol allows an unauthenticated attacker to exploit request order validation issues, potentially hijacking legitimate pairing attempts. This weakness may enable malicious actors to pair a client without authorization, posing significant security risks to users. Additionally, it could lead to a remote crash of the Sunshine application. This issue is addressed in version 2025.118.151840.

Affected Version(s)

Sunshine < 2025.118.151840

References

CVSS V4

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.