CVE-2024-51738

8.1 HIGH

📋 TL;DR

Sunshine versions 0.23.1 and earlier have a pairing protocol vulnerability that allows man-in-the-middle attacks during client pairing. An unauthenticated attacker could hijack legitimate pairing attempts to gain unauthorized access or crash the service. This affects all users running vulnerable Sunshine instances for game streaming.

💻 Affected Systems

Products:
  • Sunshine
Versions: 0.23.1 and earlier
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All Sunshine installations with pairing enabled are vulnerable. The vulnerability exists in the pairing protocol implementation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker gains persistent unauthorized access to the Sunshine server, potentially compromising the host system and any connected gaming clients.

🟠 Likely Case

Attacker hijacks a pairing session to gain temporary unauthorized access to the streaming service or causes service disruption through crashes.

🟢 If Mitigated

With proper network segmentation and monitoring, impact is limited to service disruption rather than full system compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires network access to intercept pairing traffic. No public exploit code is available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2025.118.151840

Vendor Advisory: https://github.com/LizardByte/Sunshine/security/advisories/GHSA-3hrw-xv8h-9499

Restart Required: Yes

Instructions:

1. Stop Sunshine service.
2. Update to version 2025.118.151840 or later.
3. Restart Sunshine service.
4. Re-pair all clients using the updated protocol.

🔧 Temporary Workarounds

Disable Pairing Temporarily

all

Temporarily disable new client pairing until patched

Edit Sunshine config to set 'pairing' to false

Network Segmentation

all

Restrict Sunshine to trusted network segments only

Configure firewall to allow Sunshine traffic only from trusted IP ranges

🧯 If You Can't Patch

  • Isolate Sunshine server on separate VLAN with strict access controls
  • Implement network monitoring for unusual pairing attempts and MITM patterns

🔍 How to Verify

Check if Vulnerable:

Check the Sunshine version: if it is 0.23.1 or earlier, the system is vulnerable.

Check Version:

sunshine --version or check Sunshine web interface

Verify Fix Applied:

Verify Sunshine version is 2025.118.151840 or later and test pairing functionality
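
The version check above spans two numbering schemes (0.x releases and date-based 2025.x releases), so it has to compare numerically rather than as text. The following is an added example, not code from the Sunshine project or the vendor advisory. It assumes the version string contains a dotted three-part number, optionally prefixed with "v" (the exact output of sunshine --version is not shown on this page), and the "unpatched" label for versions between the two thresholds is this example's own.

```python
import re

# Thresholds taken from the advisory text on this page.
LAST_AFFECTED = (0, 23, 1)          # "0.23.1 and earlier"
FIRST_FIXED = (2025, 118, 151840)   # "2025.118.151840 or later"

# Exactly three dotted numeric fields, optional "v" prefix; the lookarounds
# reject longer dotted runs such as IPv4 addresses.
_VERSION_RE = re.compile(r"(?<![\d.])v?(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text):
    """Return the first three-part version found in text as a tuple of ints."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in match.groups())


def classify(text):
    """Map a version string to 'vulnerable', 'unpatched' or 'fixed'."""
    version = parse_version(text)
    if version >= FIRST_FIXED:
        return "fixed"
    if version <= LAST_AFFECTED:
        return "vulnerable"
    # Newer than the listed affected range but older than the patch version:
    # the fix is not present, so treat the host as still needing the update.
    return "unpatched"


if __name__ == "__main__":
    # Constructed sample strings, not captured Sunshine output.
    samples = ["0.23.1", "v0.9.0", "Sunshine 2024.1.1",
               "2025.20.0", "2025.118.151840", "v2026.1.1"]
    for sample in samples:
        print(f"{sample:24} -> {classify(sample)}")
```

Comparing integer tuples avoids the ordering mistakes a plain string comparison makes, for example ranking 0.9.0 above 0.23.1 or 2025.20.0 above 2025.118.151840.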

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed pairing attempts from same IP
  • Unusual pairing success patterns
  • Sunshine service crash logs

Network Indicators:

  • Unusual traffic patterns during pairing sessions
  • MITM detection alerts
  • ARP spoofing detection

SIEM Query:

source="sunshine.log" AND ("pairing failed" OR "unexpected pairing" OR "service crash")
