CVE-2025-10199
HIGHDescription
A local privilege escalation vulnerability exists in Sunshine for Windows (version v2025.122.141614 and likely prior versions) due to an unquoted service path.
Is your site exposed to CVE-2025-10199?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| lizardbyte | sunshine |
| microsoft | windows |
References
Frequently Asked Questions
What is CVE-2025-10199? +
How severe is CVE-2025-10199? +
What products are affected by CVE-2025-10199? +
How do I check if I'm vulnerable to CVE-2025-10199? +
Related Vulnerabilities
Genexus Protection Server 9.7.2.10 contains an unquoted service path vulnerability in the protsrvservice Windows service configuration. Attackers can exploit the …
AnyDesk 7.0.15 and 9.0.1 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with …
The CMService.exe service runs with SYSTEM privileges and contains an unquoted service path. This allows a local attacker with write …
The RupsMon and USBMate services in UPSilon 2000 run with SYSTEM privileges and contain unquoted service paths. This allows a …
Flexsense DiskBoss 11.7.28 allows unauthenticated attackers to elevate their privileges using any of its services, enabling remote code execution during …
The HP Fan Control App might allow local escalation of privileges. An updated version of HP Fan Control App has …