Approved changes feed: RSS · Atom

cpe:2.3:a:razer:synapse_3:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorRazer (cc125114-d031-5078-a1b1-5bcb31c6ca9b)
ProductSynapse 3 (e192bfae-be83-573b-a2c1-c5936103715e)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-9871 vulnerable 2026-06-08 07:47:10.144260 Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalation Vulnerability
HIGH (7.8)
Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Razer Chroma SDK installer. By creating a symbolic link, an attacker can abuse the installer to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26373.
Published: 2025-10-29T19:33:46.072Z
Updated: 2025-10-30T14:37:08.224Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-9870 vulnerable 2026-06-08 07:47:10.143977 Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability
HIGH (7.8)
Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Philips HUE module installer. By creating a symbolic link, an attacker can abuse the installer to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26375.
Published: 2025-10-29T19:34:08.192Z
Updated: 2026-02-26T16:56:56.685Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-9869 vulnerable 2026-06-08 07:47:10.142764 Razer Synapse 3 Macro Module Link Following Local Privilege Escalation Vulnerability
HIGH (7.8)
Razer Synapse 3 Macro Module Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Razer Synapse Service. By creating a symbolic link, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26374.
Published: 2025-10-29T19:33:09.764Z
Updated: 2026-02-26T16:56:57.139Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.