CVE-2025-10198
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-11-03
Assigner: CERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lizardbyte | sunshine | 2025.122.141614 |
| microsoft | windows | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-10198 is a DLL search-order hijacking vulnerability in Sunshine for Windows (version v2025.122.141614). It occurs when the system PATH environment variable includes user-writable directories, allowing attackers to place malicious DLLs in those directories. When the application loads DLLs, it may load these malicious DLLs instead of legitimate ones, leading to potential compromise. The Sunshine project mitigated this by changing its DLL loading behavior to avoid searching the system PATH, reducing the risk without requiring immediate system-wide changes. [1]
How can this vulnerability impact me? :
This vulnerability can allow attackers to execute malicious code with the privileges of the affected application by tricking it into loading malicious DLLs from user-writable directories in the system PATH. If the application runs with administrative privileges, this can lead to a full system compromise or unauthorized actions performed with elevated rights. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the system-wide PATH environment variable includes user-writable directories, which could allow malicious DLLs to be loaded. On Windows, you can inspect the PATH variable and verify permissions on each directory. For example, use the command `echo %PATH%` in Command Prompt to view the PATH, and then check directory permissions with `icacls <directory_path>`. Additionally, monitoring for unexpected DLL loads from user-writable directories can help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing or restricting user-writable directories from the system-wide PATH environment variable to prevent malicious DLL insertion. Additionally, updating Sunshine for Windows to a version that includes the fix (post June 13, 2025) is recommended, as it modifies DLL loading behavior to avoid searching the system PATH, reducing exposure to DLL hijacking. Ensuring proper permissions on PATH directories and following best practices for DLL loading can further reduce risk. [1]