MITM Vulnerability in Sunshine Self-hosted Game Stream Host
CVE-2024-51738
7.7HIGH
Key Information:
- Vendor
- Lizardbyte
- Status
- Sunshine
- Vendor
- CVE Published:
- 20 January 2025
Summary
A vulnerability in Sunshine's pairing protocol allows an unauthenticated attacker to exploit request order validation issues, potentially hijacking legitimate pairing attempts. This weakness may enable malicious actors to pair a client without authorization, posing significant security risks to users. Additionally, it could lead to a remote crash of the Sunshine application. This issue is addressed in version 2025.118.151840.
Affected Version(s)
Sunshine < 2025.118.151840
References
CVSS V4
Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown
Timeline
Vulnerability published
Vulnerability Reserved