CVE-2025-9871

HIGH

Razer Synapse < 3.10.730.71519 - Symlink Following

Title source: rule

Description

Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Razer Chroma SDK installer. By creating a symbolic link, an attacker can abuse the installer to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26373.

References (1)

[Third Party Advisory] https://www.zerodayinitiative.com/advisories/ZDI-25-920/

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 2.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-59

Status published

Products (1)

razer/synapse < 3.10.730.71519

Published Oct 29, 2025

Tracked Since Feb 18, 2026