SB2025100109 - Multiple vulnerabilities in Razer Synapse 3

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Link following (CVE-ID: CVE-2025-9869)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an insecure link following issue within the Razer Synapse Service. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.

2) Link following (CVE-ID: CVE-2025-9870)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an insecure link following issue within the Philips HUE module installer. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.

3) Link following (CVE-ID: CVE-2025-9871)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an insecure link following issue within the Razer Chroma SDK installer. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.

Remediation

Install update from vendor's website.

References

• https://www.zerodayinitiative.com/advisories/ZDI-25-919/
• https://www.zerodayinitiative.com/advisories/ZDI-25-921/
• https://www.zerodayinitiative.com/advisories/ZDI-25-920/