@leonjza
Created June 3, 2025 09:14
Razer Synapse 4 Local Privilege Escalation
Title: Local Privilege Escalation Vulnerability in Razer Synapse 4
CVE-ID: CVE-2025-27811
Reported Date: 22 February 2025
Reported By: Leon Jacobs, Orange Cyberdefense's SensePost Team
Vendor: Razer Inc.
Product: Razer Synapse 4
Affected Version: v4.0.86.2502180127 (and potentially earlier)
Affected Component: razer_elevation_service.exe
Component Version (Affected): v1.1.0.5
Component Version (Fixed): v1.1.0.6
Description:
A local privilege escalation vulnerability exists in Razer Synapse 4 version 4.0.86.2502180127, specifically in the razer_elevation_service.exe component. The service improperly handles inter-process communication (IPC), allowing a local attacker with limited privileges to craft specific requests that trigger the execution of arbitrary code with SYSTEM-level privileges. Exploitation requires local access. The issue has been addressed in component version v1.1.0.6.
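
A host check for the component versions listed above, as an added example that is not part of the original advisory or of Razer's tooling. It assumes the binary's file-version resource carries the component version the advisory quotes, and it discovers the install location rather than assuming one.

```powershell
# Added example: flag razer_elevation_service.exe builds older than the fixed version.
# Assumption: the binary's file-version resource matches the advisory's
# "Component Version" values (v1.1.0.5 affected, v1.1.0.6 fixed).
$FixedVersion = [version]'1.1.0.6'
$BinaryName   = 'razer_elevation_service.exe'

# 1. Binaries referenced by registered services (no install path is assumed).
$paths = @(
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -match [regex]::Escape($BinaryName) } |
        ForEach-Object {
            # PathName may be quoted and carry arguments; keep only the executable path.
            if ($_.PathName -match '^"([^"]+)"') { $Matches[1] }
            else { $_.PathName -replace '(?i)(\.exe).*$', '$1' }
        }
)

# 2. Copies under the Program Files trees that have no registered service.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$paths += @(
    Get-ChildItem -Path $roots -Filter $BinaryName -Recurse -File -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty FullName
)

# Compare each distinct copy against the fixed component version.
$results = $paths |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
    Sort-Object -Unique |
    ForEach-Object {
        $v = (Get-Item -LiteralPath $_).VersionInfo.FileVersionRaw
        [pscustomobject]@{
            Path        = $_
            FileVersion = $v
            Status      = if ($v -lt $FixedVersion) { 'AFFECTED (older than 1.1.0.6)' } else { 'fixed' }
        }
    }

if ($results) { $results | Format-Table -AutoSize }
else { Write-Output "No copy of $BinaryName found." }
```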