CVE-2025-9871 (CNNVD-202510-3942)
中文标题:
Razer Synapse 3 后置链接漏洞
英文标题:
Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalation Vulnerability
漏洞描述
中文描述:
Razer Synapse 3是美国雷蛇(Razer)公司的一个应用软件。基于云的统一硬件配置工具。 Razer Synapse 3存在后置链接漏洞,该漏洞源于Razer Chroma SDK安装程序存在符号链接问题,可能导致权限提升和任意代码执行。
英文描述:
Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Razer Chroma SDK installer. By creating a symbolic link, an attacker can abuse the installer to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26373.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Razer | Synapse 3 | 3.10.228.21112 | - | - |
cpe:2.3:a:razer:synapse_3:3.10.228.21112:*:*:*:*:*:*:*
|
| razer | synapse | * | - | - |
cpe:2.3:a:razer:synapse:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
CVSS评分详情
3.0 (cna)
HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-9871 |
2025-11-11 15:23:38 | 2025-11-11 07:40:54 |
| NVD | nvd_CVE-2025-9871 |
2025-11-11 15:01:07 | 2025-11-11 07:48:41 |
| CNNVD | cnnvd_CNNVD-202510-3942 |
2025-11-11 15:12:59 | 2025-11-11 08:00:20 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 后置链接
- cnnvd_id: 未提取 -> CNNVD-202510-3942
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 1 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']