CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
A local privilege escalation in the razer_elevation_service.exe in Razer Synapse 4 through 4.0.86.2502180127 allows a local attacker to escalate their privileges via a vulnerable COM interface in the target service.
Analysis
Local privilege escalation vulnerability in Razer Synapse 4 (versions through 4.0.86.2502180127) affecting the razer_elevation_service.exe component. An authenticated local attacker can exploit a vulnerable COM interface to escalate from standard user privileges to SYSTEM/administrative level, gaining full control over the affected system. The vulnerability has a CVSS score of 7.8 (high severity) and requires local access but no user interaction, making it a significant risk for multi-user systems and enterprise deployments.
Technical Context
The vulnerability resides in razer_elevation_service.exe, a Windows service component of Razer Synapse 4 that runs with elevated (SYSTEM) privileges. The root cause is classified as CWE-269 (Improper Access Control), specifically an inadequately protected COM (Component Object Model) interface. COM is a binary-interface standard for Windows software components that allows inter-process communication. The vulnerable service fails to properly validate or restrict access to its COM interface methods, allowing a local user with standard privileges to invoke elevated operations. This is a classic Windows privilege escalation vector in which a service running as SYSTEM exposes COM methods without proper access control checks (e.g., missing DCOM activation permissions, missing method-level authorization, or insufficient interface authentication). The attack abuses the privilege boundary between the standard-user caller and the SYSTEM service, which the COM interface does not sufficiently enforce.
Affected Products
- vendor: Razer Inc.; product: Razer Synapse; versions_affected: 4.0 through 4.0.86.2502180127; component: razer_elevation_service.exe; cpe: cpe:2.3:a:razer:synapse:4.0*:*:*:*:*:windows:*:*; platform: Windows (all supported versions with COM support)
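The following is an added example, not part of the advisory and not Razer code: it triages a software inventory export against the affected range listed above. The inventory rows, host names and the non-boundary version strings are constructed, and it assumes the inventory reports the product as "Razer Synapse" with the same dotted version form the advisory uses.

```python
"""Flag hosts whose Razer Synapse version falls in the advisory's affected range."""
import csv
import io

# Bounds taken from the advisory: 4.0 through 4.0.86.2502180127.
# The last field of the upper bound exceeds a signed 32-bit integer, so parsers
# that store each field in an int32 reject it; Python ints do not overflow.
FIRST_AFFECTED = (4, 0)
LAST_AFFECTED = (4, 0, 86, 2502180127)

# Constructed inventory export (host, product, version); not real data.
SAMPLE_INVENTORY = """host,product,version
ws-101,Razer Synapse,4.0.86.2502180127
ws-102,Razer Synapse,4.0.9.2411050001
ws-103,Razer Synapse,4.0.87.2503010000
ws-104,Razer Synapse,3.9.131.20813
ws-105,Razer Synapse,unknown
ws-106,Other Tool,4.0.1.1
"""

def parse_version(text):
    """Return the dotted version as a tuple of ints, or None if malformed."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def _pad(version, width):
    """Right-pad with zeros so "4.0" and "4.0.0.0" compare as equal."""
    return version + (0,) * (width - len(version))

def is_affected(text):
    """True when the version lies inside the affected range (inclusive)."""
    version = parse_version(text)
    if version is None:
        return False
    width = max(len(version), len(LAST_AFFECTED))
    # Numeric, field-by-field comparison: as strings, "4.0.9" sorts after "4.0.86".
    return _pad(FIRST_AFFECTED, width) <= _pad(version, width) <= _pad(LAST_AFFECTED, width)

def triage(inventory_csv):
    """Return (affected_hosts, unparsed_hosts) for Razer Synapse rows."""
    affected, unparsed = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"].strip().lower() != "razer synapse":
            continue
        if parse_version(row["version"]) is None:
            unparsed.append(row["host"])  # needs a manual check, not a pass
        elif is_affected(row["version"]):
            affected.append(row["host"])
    return affected, unparsed
```

Hosts in the second list have a version string that could not be parsed and should be checked by hand rather than treated as unaffected.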
EUVD-2025-16873