Sunshine for Windows DLL Search-Order Hijacking Vulnerability

A DLL search-order hijacking vulnerability has been identified in Sunshine for Windows, version v2025.122.141614. This vulnerability allows attackers to insert a malicious DLL into user-writable PATH directories. If an application is run with administrative privileges, it may load the malicious DLL from the compromised directory, potentially leading to unauthorized actions or system modifications.

Impact

Exploitation of this vulnerability could allow for the execution of arbitrary code with elevated privileges, by loading a malicious DLL into an application running as an administrator.

Reproduction

To reproduce this vulnerability, an administrator must first add a user-writable directory to the system-wide PATH variable. Once this is done, any application running with administrative rights can be manipulated to load a DLL from the compromised directory. This can be achieved by placing a malicious DLL in the user-writable PATH directory and then launching an application that will load the DLL, such as Sunshine for Windows.

Remediation

Users can remove the user-writable directory from the system-wide PATH variable to mitigate this vulnerability. Additionally, updating to Sunshine version v2025.628.4510 or later, which includes a fix for this issue, is recommended.