CVE-2025-10198
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-09

Last updated on: 2025-11-03

Assigner: CERT/CC

Description
Sunshine for Windows, version v2025.122.141614, contains a DLL search-order hijacking vulnerability, allowing attackers to insert a malicious DLL in user-writeable PATH directories.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-09
Last Modified
2025-11-03
Generated
2026-06-16
AI Q&A
2025-09-09
EPSS Evaluated
2026-06-14
NVD
CVE-2025-10198
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
lizardbyte sunshine 2025.122.141614
microsoft windows *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-427 The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-10198 is a DLL search-order hijacking vulnerability in Sunshine for Windows (version v2025.122.141614). It occurs when the system PATH environment variable includes user-writable directories, allowing attackers to place malicious DLLs in those directories. When the application loads DLLs, it may load these malicious DLLs instead of legitimate ones, leading to potential compromise. The Sunshine project mitigated this by changing its DLL loading behavior to avoid searching the system PATH, reducing the risk without requiring immediate system-wide changes. [1]

Impact Analysis

This vulnerability can allow attackers to execute malicious code with the privileges of the affected application by tricking it into loading malicious DLLs from user-writable directories in the system PATH. If the application runs with administrative privileges, this can lead to a full system compromise or unauthorized actions performed with elevated rights. [1]

Detection Guidance

This vulnerability can be detected by checking if the system-wide PATH environment variable includes user-writable directories, which could allow malicious DLLs to be loaded. On Windows, you can inspect the PATH variable and verify permissions on each directory. For example, use the command `echo %PATH%` in Command Prompt to view the PATH, and then check directory permissions with `icacls <directory_path>`. Additionally, monitoring for unexpected DLL loads from user-writable directories can help detect exploitation attempts. [1]

Mitigation Strategies

Immediate mitigation steps include removing or restricting user-writable directories from the system-wide PATH environment variable to prevent malicious DLL insertion. Additionally, updating Sunshine for Windows to a version that includes the fix (post June 13, 2025) is recommended, as it modifies DLL loading behavior to avoid searching the system PATH, reducing exposure to DLL hijacking. Ensuring proper permissions on PATH directories and following best practices for DLL loading can further reduce risk. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10198. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart