5 matches found
CVE-2025-53095
Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Cross-Site Request Forgery CSRF attacks. This vulnerability allows an attacker to craft a malicious web page that, when visited by an authenticated user, can...
CVE-2025-53095 Sunshine application-wide CSRF in the UI leads to command injection as Administrator
Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Cross-Site Request Forgery CSRF attacks. This vulnerability allows an attacker to craft a malicious web page that, when visited by an authenticated user, can...
CVE-2025-53095
CVE-2025-53095 applies to Sunshine, a self-hosted game stream host for Moonlight. Before version 2025.628.4510, the web UI lacked CSRF protection, allowing an authenticated user to trigger unintended actions by crafting a malicious page. Because Sunshine performs OS command execution by design, a...
CVE-2025-53095 Sunshine application-wide CSRF in the UI leads to command injection as Administrator
Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Cross-Site Request Forgery CSRF attacks. This vulnerability allows an attacker to craft a malicious web page that, when visited by an authenticated user, can...
CVE-2025-53096 Sunshine clickjacking in the UI leads to unauthorized actions being performed
Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Clickjacking attacks. This vulnerability allows an attacker to embed the Sunshine interface within a malicious website using an invisible or disguised iframe. ...