A zero-day vulnerability in Razer Synapse tracked as CWE-264 - Permissions, Privileges, and Access Controls, is being actively exploited in the wild. This is a privilege escalation vulnerability and allows a local attacker to gain administrative privileges on Windows 10 or Windows 11.
The vulnerability exists because the application does not properly impose security restrictions in Windows 10 after plugging in a Razer mouse or keyboard, which leads to security restrictions bypass and privilege escalation.
Patch status:Currently, a patch for this vulnerability is unavailable but a public exploit for the vulnerability exists and reports suggest that it is being actively exploited in the wild.
Cheers,The ManageEngine Team