{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T07:55:21.943","vulnerabilities":[{"cve":{"id":"CVE-2024-51738","sourceIdentifier":"security-advisories@github.com","published":"2025-01-20T16:15:27.667","lastModified":"2025-09-11T21:33:04.643","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine's pairing protocol implementation does not validate request order and is thereby vulnerable to a MITM attack, potentially allowing an unauthenticated attacker to pair a client by hijacking a legitimate pairing attempt. This bug may also be used by a remote attacker to crash Sunshine. This vulnerability is fixed in 2025.118.151840."},{"lang":"es","value":"Sunshine es un servidor de transmisión de juegos autoalojado para Moonlight. En la versión 0.23.1 y anteriores, la implementación del protocolo de emparejamiento de Sunshine no valida el orden de las solicitudes y, por lo tanto, es vulnerable a un ataque MITM, lo que potencialmente permite que un atacante no autenticado empareje un cliente secuestrando un intento de emparejamiento legítimo. Un atacante remoto también puede usar este error para bloquear Sunshine. Esta vulnerabilidad se corrigió en 2025.118.151840."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-305"},{"lang":"en","value":"CWE-476"},{"lang":"en","value":"CWE-841"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lizardbyte:sunshine:*:*:*:*:*:*:*:*","versionEndExcluding":"2025.118.151840","matchCriteriaId":"D6CCACC5-BB09-47AF-ADD4-7E2D267B4CDB"}]}]}],"references":[{"url":"https://github.com/LizardByte/Sunshine/commit/89f097ae65277d42b5d40163d09d92e412e6d7dd","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/LizardByte/Sunshine/security/advisories/GHSA-3hrw-xv8h-9499","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}