CVE-2025-54081

Name of the Vulnerable Software and Affected Versions Sunshine versions prior to 2025.923.33222

Description Sunshine, a self-hosted game stream host for Moonlight, is affected by an issue where the Windows service SunshineService is installed with an unquoted executable path. If Sunshine is installed in a directory containing spaces, the Service Control Manager (SCM) may incorrectly interpret the path and potentially execute a malicious binary placed earlier in the search string.

Recommendations Update to version 2025.923.33222 or later.