Overview
The vulnerability known as CVE-2025-10199 is a local privilege escalation flaw detected in Sunshine for Windows. This vulnerability could potentially affect any business or individual using this software, particularly if they are running version v2025.122.141614 or prior. The risk lies in the unquoted service path, rendering the system susceptible to compromise and potential data leakage.
Vulnerability Summary
CVE ID: CVE-2025-10199
Severity: High (7.8 CVSS score)
Attack Vector: Local
Privileges Required: Low
User Interaction: Required
Impact: Potential system compromise or data leakage
Affected Products
Escape the Surveillance Era
Most apps won’t tell you the truth.
They’re part of the problem.
Phone numbers. Emails. Profiles. Logs.
It’s all fuel for surveillance.
Ameeba Chat gives you a way out.
- • No phone number
- • No email
- • No personal info
- • Anonymous aliases
- • End-to-end encrypted
Chat without a trace.
Product | Affected Versions
Sunshine for Windows | v2025.122.141614 and prior versions
How the Exploit Works
The CVE-2025-10199 vulnerability arises from an unquoted service path in Sunshine for Windows. This oversight means that if a local attacker can insert an executable file in the service path, the system could potentially execute it. This execution could result in the escalation of privileges, giving the attacker the ability to compromise the system or cause data leakage.
Conceptual Example Code
The following is a conceptual example of how this vulnerability might be exploited:
# Attacker places malicious executable in service path
echo 'malicious_code' > C:\\Program Files\\Sunshine\\malicious.exe
# Service executes malicious code on startup, escalating privileges
sc start SunshineServicePlease note that this is a conceptual example and not an actual exploit code. The actual process of exploiting this vulnerability would likely involve more sophisticated techniques and malicious code.
