6 matches found
CVE-2021-44226
CVE-2021-44226 affects Razer Synapse prior to 3.7.0228.022817. The vulnerability arises from relying on the directory %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer was created by an unprivileged user before installation, allowing an unprivileged user to place trojan horse D...
CVE-2022-47632
CVE-2022-47632 affects Razer Synapse pre-3.7.0830.081906. The vulnerability stems from an unsafe installation path, improper privilege management, and improper certificate validation that enables DLL hijacking via a malicious DLL placed in %PROGRAMDATA%\Razer\Synapse3\Service\bin before the servi...
CVE-2022-47631
CVE-2022-47631 affects Razer Synapse up to version 3.7.1209.121307 (and earlier). The issue is a time‑of‑check/time‑of‑use race involving an unsafe installation path and improper privilege management that allows local users to escalate to administrator by replacing a legitimate DLL in %PROGRAMDAT...
CVE-2025-9871
CVE-2025-9871 describes a local privilege escalation in Razer Synapse 3 via the Razer Chroma SDK installer. The root cause is a symbolic link abuse in the installer that can be leveraged to delete arbitrary files, enabling an attacker who already has low-privilege code execution to escalate to SY...
CVE-2025-9869
CVE-2025-9869 concerns a local privilege escalation in Razer Synapse 3 Macro Module . The flaw exists in the Razer Synapse Service where an attacker can abuse a created symbolic link to delete arbitrary files. This may allow an attacker to escalate privileges and execute arbitrary code in the con...
CVE-2025-9870
CVE-2025-9870 : Local privilege escalation in Razer Synapse 3 via the Philips Hue module installer. The flaw arises from a symbolic link in the Philips Hue installer that allows an attacker with low-privilege code execution to abuse the installer and delete arbitrary files, enabling code executio...