CVE-2025-9871
BaseFortify
Publication date: 2025-10-29
Last updated on: 2025-11-06
Assigner: Zero Day Initiative
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| razer | synapse | to 3.10.730.71519 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Razer Chroma SDK installer used by Razer Synapse 3. It allows a local attacker who can already run low-privileged code on the system to create a symbolic link that the installer abuses to delete arbitrary files. This can be leveraged to escalate privileges and execute arbitrary code with SYSTEM-level permissions.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker to gain SYSTEM-level privileges on your machine, potentially leading to full control over the system, unauthorized access to sensitive data, and the ability to execute malicious code with the highest privileges.