Approved changes feed: RSS · Atom
cpe:2.3:a:razer:synapse:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Razer (cc125114-d031-5078-a1b1-5bcb31c6ca9b) |
|---|---|
| Product | Synapse (1e07385f-0228-51f2-8238-38b7cb11336e) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-9871 |
vulnerable | 2026-06-08 07:47:10.144293 |
Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalation Vulnerability
HIGH (7.8)
Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the Razer Chroma SDK installer. By creating a symbolic link, an attacker can abuse the installer to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26373.
Published: 2025-10-29T19:33:46.072Z
Updated: 2025-10-30T14:37:08.224Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-9870 |
vulnerable | 2026-06-08 07:47:10.144019 |
Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability
HIGH (7.8)
Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the Philips HUE module installer. By creating a symbolic link, an attacker can abuse the installer to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26375.
Published: 2025-10-29T19:34:08.192Z
Updated: 2026-02-26T16:56:56.685Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-9869 |
vulnerable | 2026-06-08 07:47:10.143581 |
Razer Synapse 3 Macro Module Link Following Local Privilege Escalation Vulnerability
HIGH (7.8)
Razer Synapse 3 Macro Module Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the Razer Synapse Service. By creating a symbolic link, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26374.
Published: 2025-10-29T19:33:09.764Z
Updated: 2026-02-26T16:56:57.139Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-47632 |
vulnerable | 2026-06-08 05:50:40.841863 |
Details available
Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if the malicious DLLs are unsigned, it suffices to use self-signed DLLs. The validity of the DLL signatures is not checked. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows.
Published: 2023-01-27T00:00:00.000Z
Updated: 2025-03-28T15:53:40.000Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-47631 |
vulnerable | 2026-06-08 05:50:40.841101 |
Details available
Razer Synapse through 3.7.1209.121307 allows privilege escalation due to an unsafe installation path and improper privilege management. Attackers can place DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if it detects malicious DLLs in this directory, attackers can exploit a race condition and replace a valid DLL (i.e., a copy of a legitimate Razer DLL) with a malicious DLL after the service has already checked the file. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows.
Published: 2023-09-14T00:00:00.000Z
Updated: 2024-08-03T15:02:36.559Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-44226 |
vulnerable | 2026-06-08 05:36:45.190971 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-11653 |
vulnerable | 2026-06-08 05:08:38.229581 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-11652 |
vulnerable | 2026-06-08 05:08:38.229194 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.