CNNVD-202507-009 Information
CNNVD ID
CNNVD-202507-009
Related CVE
- CNNVD Published: 2025-07-01
Description (Chinese)
Sunshine是LizardByte开源的一个 Moonlight 的自助游戏流主机。 Sunshine 2025.628.4510之前版本存在跨站请求伪造漏洞,该漏洞源于web UI缺少跨站请求伪造保护,可能导致执行任意命令。
Description (English)
Sunshine is a Moonlight self-help game stream host to Lizard Byte’s open source. The pre-Sunshine 2025.628.4510 version had a false gap in cross-site requests, which stemmed from the lack of cross-site protection requested by the web UI, which could lead to arbitrary orders.
Hazard Level
Low
Vulnerability Type
跨站请求伪造
Affected Vendor
LizardByte
Published
2025-07-01
Last Modified
2026-02-24
References
https://github.com/LizardByte/Sunshine/security/advisories/GHSA-39hj-fxvw-758m https://github.com/LizardByte/Sunshine/commit/738ac93a0ec1cd10412d1f339968775f53bfefe0 https://nvd.nist.gov/vuln/detail/CVE-2025-53095 https://access.redhat.com/security/cve/cve-2025-53095
Patch
https://github.com/LizardByte/Sunshine/releases
Share on: