CVE-2025-11772

EUVD-2025-200095
A carefully crafted DLL, copied to 

C:\ProgramData\Synaptics

 folder, allows a local user to execute 
arbitrary code with elevated privileges during driver installation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
SynapticsCNA
6.6 MEDIUM
PHYSICAL
LOW
LOW
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
synapticsfingerprint_driver
5.5.3521.1066 ≤
𝑥
< 5.5.3537.1066
CNA
synapticsfingerprint_driver
5.5.4012.1052 ≤
𝑥
< 5.5.4022.1052
CNA
Common Weakness Enumeration
References
https://www.synaptics.com/sites/default/files/2025-12/fingerprint-driver-co-installer-security-brief-2025-12-01.pdf